joomla_antivirus_logo

Autor Tema: Phish site on your network  (Posjeta: 3479 )

0 Članova i 1 Gost pregledava ovu temu.

maleni

  • Novi forumaš
  • *
  • Postova: 36
  • Karma: 0
    • Profil
Phish site on your network
« : 07. Prosinac 2011, 12:20 »
Jutros sam dobio ovo od svog hostera:

Citat:
Poštovani,

Zaprimili smo ozbiljnu ABUSE prijavu zbog sadržaja na
http://www.mojsajt.net/webmaster/personas/index.htm

Sadržaj sam obrisao a paket suspendirao zbog mogućih ozbiljnih posljedica
koje možemo imati zbog ovog. Pregledao sam logove i vidim da je sadžraj
uploadiran FTP-om sa legitimnim passwordom!

Pretpostavljam da je računalo sa kojim ste pristupali kompromitirano virusom
ili sličnim malicioznim softverom.


iles/l/index.htm uploaded  (9647 bytes, 26.66KB/sec)
Dec  5 07:17:35 server11 pure-ftpd: (webmaster@mojsajt.nett@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/index.html
uploaded  (9647 bytes, 23.01KB/sec)
Dec  5 07:17:35 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/i_flecha.gif
uploaded  (49 bytes, 5.78KB/sec)
Dec  5 07:17:36 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/i_lineah.gif
uploaded  (56 bytes, 1.44KB/sec)
Dec  5 07:17:37 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/i_lineav.gif
uploaded  (49 bytes, 0.05KB/sec)
Dec  5 07:17:37 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/i_otp2.gif
uploaded  (1519 bytes, 106.26KB/sec)
Dec  5 07:17:37 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/logoBI.gif
uploaded  (2171 bytes, 135.79KB/sec)
Dec  5 07:17:38 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/logoHSBC.gif
uploaded  (2119 bytes, 6.11KB/sec)
Dec  5 07:17:39 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/processing2.php
uploaded  (659 bytes, 69.99KB/sec)
Dec  5 07:17:39 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/square1x1.gif
uploaded  (43 bytes, 5.15KB/sec)
Dec  5 07:17:40 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/Thumbs.db
uploaded  (7680 bytes, 35.26KB/sec)
Dec  5 07:17:40 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/validate.htm
uploaded  (7662 bytes, 30.81KB/sec)
Dec  5 07:17:40 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[INFO] Can't change directory to /santa/img: No such file or directory
Dec  5 07:17:42 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/img/maximizar.gif
uploaded  (878 bytes, 90.86KB/sec)
Dec  5 07:17:42 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/img/restaurar.gif
uploaded  (880 bytes, 91.78KB/sec)
Dec  5 07:17:42 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[INFO] Can't change directory to /santa/jackbe: No such file or directory
Dec  5 07:17:43 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/img/Thumbs.db uploaded
(4096 bytes, 22.29KB/sec)
Dec  5 07:17:45 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/jackbe/gc_1.js uploaded
(8035 bytes, 28.54KB/sec)
Dec  5 07:18:43 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[INFO] Logout.
Dec  5 07:18:45 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[INFO] Logout.
Dec  5 07:31:54 server11 pure-ftpd: (webmaster@mojsajt.net@187.161.7.167)
[INFO] Timeout - try typing a little faster next time
^C

To Whom It May Concern:

It has come to our attention that you are hosting a fraudulent "phish"
website that is attempting to steal account information from customers =
of=20
Banco Mercantil Santa Cruz.  The URL of the fraudulent site is as =
follows:=20


http://www.mojsajt.net/webmaster/personas/index.htm

The IP address hosting this phish is 176.9.40.205.

Please investigate and shut down this site immediately. =20

If possible, please send us a copy of any fraudulent files or relevant
excerpts of log files regarding this case.

Should you have any questions, please call us at +1-301-515-0820.
Please include the ticket number, MM# 129761, in all communications on this
issue.

Thank you,

Omer Arslan
MM Ops Center

Note: As part of this action, we request that you redirect traffic to an
educational website provided by the Anti-Phishing Working Group
(APWG) at http://education.apwg.org/r/en/index.html.  Information about
implementing a redirect to this page can be found at
http://education.apwg.org/r/how_to.html.

U pitanju je Joomla 1.0.15. Admin mi kaze da moze biti kako imam instaliran maliciozni software na racunalu no da vjerojatno uzrok moze biti stara verzija Joomle (1.0.15.)
Sto mislite?

Pozdrav!

wooer

  • Administrator
  • *****
  • Postova: 1.050
  • Karma: 4
  • It's not bogus, it's an IBM standard
    • Profil
Odg: Phish site on your network
« Odgovori #1 : 07. Prosinac 2011, 12:36 »
Aha, admin je u pravu, kanta ti je zaražena.
UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity
Documentation & Translation Team Member

maleni

  • Novi forumaš
  • *
  • Postova: 36
  • Karma: 0
    • Profil
Odg: Phish site on your network
« Odgovori #2 : 07. Prosinac 2011, 12:51 »
Aha, admin je u pravu, kanta ti je zaražena.
Znaci imam maliciozni software na racunalu? Ne postoji vjerojatnost da je problem u staroj verziji Joomle?

wooer

  • Administrator
  • *****
  • Postova: 1.050
  • Karma: 4
  • It's not bogus, it's an IBM standard
    • Profil
Odg: Phish site on your network
« Odgovori #3 : 07. Prosinac 2011, 13:34 »
Pa, jedino ako si u njoj pohranio svoje ftp pristupne podatke moguće je da je stvar u verziji joomle ali ja i dalje glasam na maliciozni software jer nisi prvi s takvim 'problemom'.
UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity
Documentation & Translation Team Member

 

joomla_antivirus_logo