telophase: (Kyo - cranky kitty)
telophase ([personal profile] telophase) wrote2011-10-26 08:43 pm
  • Add Memory
  • Share This Entry
Entry tags:

Hostees!

Hostees of mine on magatsu.net -- my webspace was hit with an exploit that I'm cleaning out now. I think it was just my accounts and not any of you (as I cannot access your accounts) but please do (a) change your passwords and (b) check your webspace using FileZilla or another FTP program for a PHP script that shouldn't be there. (details under cut)



Details:

The exploit seems to be consistently 28,278 bytes in size, a PHP file named with either two people's named connected by an underscore or an English word connected to a person's name with an underscore. I've found it in root files, and in an images folder in a wiki site and in an uploads folder in a Wordpress site, and in a trunk folder and images folder for survey software I was testing.

If you know how to grep, you can grep for _8b7b as it appears to consistently use that as a variable.

No clue what it's for as it's encrypted. Change your WebID password and your FTP user password to be on the safe side.
Threaded | Flat

[identity profile] madame-manga.livejournal.com 2011-10-27 04:55 am (UTC)(link)
I think my account's clean (though it took me a little while to remember how to get in and look).

[identity profile] matildarose.livejournal.com 2011-10-27 06:35 am (UTC)(link)
Yikes! Hope no damage was done on your end.

[identity profile] wyrdness.livejournal.com 2011-10-27 12:26 pm (UTC)(link)
My little piece of borrowed magatsu seems okay, though I don't think I have the ability to change the password myself as I'm a sub-account and not a direct customer.

I really need to organise the space better though. I suck at filing, even when it's digital storage!
Threaded | Flat