Novosti:

Aktualne Joomla! verzije: 3.10.11 i 4.2.6

Main Menu

Phish site on your network

Autor maleni, 07. Prosinac 2011, 12:20

0 Članovi i 1 Gost pregledava ovu temu.

maleni

Jutros sam dobio ovo od svog hostera:

Citat:Poštovani,

Zaprimili smo ozbiljnu ABUSE prijavu zbog sadržaja na
http://www.mojsajt.net/webmaster/personas/index.htm

Sadržaj sam obrisao a paket suspendirao zbog mogućih ozbiljnih posljedica
koje možemo imati zbog ovog. Pregledao sam logove i vidim da je sadžraj
uploadiran FTP-om sa legitimnim passwordom!

Pretpostavljam da je računalo sa kojim ste pristupali kompromitirano virusom
ili sličnim malicioznim softverom.


iles/l/index.htm uploaded  (9647 bytes, 26.66KB/sec)
Dec  5 07:17:35 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/index.html
uploaded  (9647 bytes, 23.01KB/sec)
Dec  5 07:17:35 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/i_flecha.gif
uploaded  (49 bytes, 5.78KB/sec)
Dec  5 07:17:36 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/i_lineah.gif
uploaded  (56 bytes, 1.44KB/sec)
Dec  5 07:17:37 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/i_lineav.gif
uploaded  (49 bytes, 0.05KB/sec)
Dec  5 07:17:37 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/i_otp2.gif
uploaded  (1519 bytes, 106.26KB/sec)
Dec  5 07:17:37 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/logoBI.gif
uploaded  (2171 bytes, 135.79KB/sec)
Dec  5 07:17:38 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/logoHSBC.gif
uploaded  (2119 bytes, 6.11KB/sec)
Dec  5 07:17:39 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/processing2.php
uploaded  (659 bytes, 69.99KB/sec)
Dec  5 07:17:39 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/square1x1.gif
uploaded  (43 bytes, 5.15KB/sec)
Dec  5 07:17:40 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/Thumbs.db
uploaded  (7680 bytes, 35.26KB/sec)
Dec  5 07:17:40 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/files/l/validate.htm
uploaded  (7662 bytes, 30.81KB/sec)
Dec  5 07:17:40 server11 pure-ftpd: ([email protected]@187.161.7.167)
[INFO] Can't change directory to /santa/img: No such file or directory
Dec  5 07:17:42 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/img/maximizar.gif
uploaded  (878 bytes, 90.86KB/sec)
Dec  5 07:17:42 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/img/restaurar.gif
uploaded  (880 bytes, 91.78KB/sec)
Dec  5 07:17:42 server11 pure-ftpd: ([email protected]@187.161.7.167)
[INFO] Can't change directory to /santa/jackbe: No such file or directory
Dec  5 07:17:43 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/img/Thumbs.db uploaded
(4096 bytes, 22.29KB/sec)
Dec  5 07:17:45 server11 pure-ftpd: ([email protected]@187.161.7.167)
[NOTICE] /home/fon/public_html/webmaster//santa/jackbe/gc_1.js uploaded
(8035 bytes, 28.54KB/sec)
Dec  5 07:18:43 server11 pure-ftpd: ([email protected]@187.161.7.167)
[INFO] Logout.
Dec  5 07:18:45 server11 pure-ftpd: ([email protected]@187.161.7.167)
[INFO] Logout.
Dec  5 07:31:54 server11 pure-ftpd: ([email protected]@187.161.7.167)
[INFO] Timeout - try typing a little faster next time
^C

To Whom It May Concern:

It has come to our attention that you are hosting a fraudulent "phish"
website that is attempting to steal account information from customers =
of=20
Banco Mercantil Santa Cruz.  The URL of the fraudulent site is as =
follows:=20


http://www.mojsajt.net/webmaster/personas/index.htm

The IP address hosting this phish is 176.9.40.205.

Please investigate and shut down this site immediately. =20

If possible, please send us a copy of any fraudulent files or relevant
excerpts of log files regarding this case.

Should you have any questions, please call us at +1-301-515-0820.
Please include the ticket number, MM# 129761, in all communications on this
issue.

Thank you,

Omer Arslan
MM Ops Center

Note: As part of this action, we request that you redirect traffic to an
educational website provided by the Anti-Phishing Working Group
(APWG) at http://education.apwg.org/r/en/index.html.  Information about
implementing a redirect to this page can be found at
http://education.apwg.org/r/how_to.html.

U pitanju je Joomla 1.0.15. Admin mi kaze da moze biti kako imam instaliran maliciozni software na racunalu no da vjerojatno uzrok moze biti stara verzija Joomle (1.0.15.)
Sto mislite?

Pozdrav!

wooer

Aha, admin je u pravu, kanta ti je zaražena.
UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity
Documentation & Translation Team Member

maleni

Citat: wooer  u 07. Prosinac 2011, 12:36
Aha, admin je u pravu, kanta ti je zaražena.
Znaci imam maliciozni software na racunalu? Ne postoji vjerojatnost da je problem u staroj verziji Joomle?

wooer

Pa, jedino ako si u njoj pohranio svoje ftp pristupne podatke moguće je da je stvar u verziji joomle ali ja i dalje glasam na maliciozni software jer nisi prvi s takvim 'problemom'.
UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity
Documentation & Translation Team Member