telophase: (Kyo - cranky kitty)
telophase ([personal profile] telophase) wrote2011-10-26 08:43 pm
  • Add Memory
  • Share This Entry
Entry tags:

Hostees!

Hostees of mine on magatsu.net -- my webspace was hit with an exploit that I'm cleaning out now. I think it was just my accounts and not any of you (as I cannot access your accounts) but please do (a) change your passwords and (b) check your webspace using FileZilla or another FTP program for a PHP script that shouldn't be there. (details under cut)



Details:

The exploit seems to be consistently 28,278 bytes in size, a PHP file named with either two people's named connected by an underscore or an English word connected to a person's name with an underscore. I've found it in root files, and in an images folder in a wiki site and in an uploads folder in a Wordpress site, and in a trunk folder and images folder for survey software I was testing.

If you know how to grep, you can grep for _8b7b as it appears to consistently use that as a variable.

No clue what it's for as it's encrypted. Change your WebID password and your FTP user password to be on the safe side.
Flat | Top-Level Comments Only

[identity profile] madame-manga.livejournal.com 2011-10-27 04:55 am (UTC)(link)
I think my account's clean (though it took me a little while to remember how to get in and look).

[identity profile] telophase.livejournal.com 2011-10-27 02:16 pm (UTC)(link)
Great, thanks!

[identity profile] matildarose.livejournal.com 2011-10-27 06:35 am (UTC)(link)
Yikes! Hope no damage was done on your end.

[identity profile] telophase.livejournal.com 2011-10-27 02:18 pm (UTC)(link)
Thanks! Doesn't seem to have been - after messing about with Google Webmaster Tools, they think it was a redirect that took you to a site with malware on it, and I don't think anyone's been caught in that. *fingers crossed*

[identity profile] wyrdness.livejournal.com 2011-10-27 12:26 pm (UTC)(link)
My little piece of borrowed magatsu seems okay, though I don't think I have the ability to change the password myself as I'm a sub-account and not a direct customer.

I really need to organise the space better though. I suck at filing, even when it's digital storage!

[identity profile] telophase.livejournal.com 2011-10-27 02:17 pm (UTC)(link)
I'm working on how to access the web panel - DH changes things about every so often, just enough that as I've learned one set of procedures, they become completely different. :)

[identity profile] wyrdness.livejournal.com 2012-03-31 10:07 am (UTC)(link)
I tried to log in to my borrowed space today and it was throwing up a "can't find user" error at me. Since there's not really much I can do with that I've come to beg the aid of the great hosting one!

Obviously I've been logging in regularly to notice this right now. >_> <_<

[identity profile] telophase.livejournal.com 2012-04-02 06:23 pm (UTC)(link)
Can you email me your user name as I can't remember which one you are? :D telophase14 at gmail.

[identity profile] wyrdness.livejournal.com 2012-04-02 06:37 pm (UTC)(link)
Err, yes, that would probably help... XD
Flat | Top-Level Comments Only