K' You can win any war if you start a year early

Gender: Joined: Jul 13 2006 Posts: 271 Location: Southtown Offline
Posted: Wed Apr 04, 2007 2:33 pm Post subject: Maleware on shanky/server?
Looked at http://www.shanky.com/server/staff.html and was requested to approve an ActiveX element, half a second later ZoneAlarm jumps up with report of:
Exploit.Win32.IMG-ANI.h and Trojan-Dropper.Win32.Agent.bfd
Allegedly involved is 'file[1].jpg' and some obscure random file string.
Could be a false positive or from other source by some fashion, but who knows, might want to do a little in-house sweeping.
Bak ?ls -s 0 in

Age:26 Gender: Joined: Jun 11 2004 Posts: 1826 Location: USA Offline
Solo Ace Yeah, I'm in touch with reality...we correspond from time to time.

Age:37 Gender: Joined: Feb 06 2004 Posts: 2583 Location: The Netherlands Offline
Posted: Wed Apr 04, 2007 3:00 pm
Yeah, I got it too, but now I don't anymore. I don't know, did I just infect my windows box?
Nah I didn't.
Why were you reading that page? Trying to bring old, forgotten times back?
I think it's weird how it pops up, and then it doesn't. Maybe someone's messing with Apache's memory or what?
staffpage2.png - 50.45 KB
Solo Ace Yeah, I'm in touch with reality...we correspond from time to time.

Age:37 Gender: Joined: Feb 06 2004 Posts: 2583 Location: The Netherlands Offline
Posted: Wed Apr 04, 2007 3:05 pm
I'll go to Knesselare and beat up whoever's responsible for the host.
I'm still not sure about the sex of this ware, but I guess I don't even want to know if you consider it male.
Mine GO BOOM Hunch Hunch What What

Age:41 Gender: Joined: Aug 01 2002 Posts: 3615 Location: Las Vegas Offline
Posted: Wed Apr 04, 2007 3:13 pm
Solo Ace wrote: "Maybe someone's messing with Apache's memory or what?"
It is. I've been complaining to the host of that machine for a while that someone is affecting apache. It is nothing I can touch from my end there.
Thus the reason why I moved minegoboom/mineplowers over to my own virtual machine where I get full control over it. I have not heard of any type of memory hacking done with Xen 3 yet, and I doubt any would happen anytime soon when there are so many shared hosts people can just fuck up through apache injections.
I have no plans on moving shanky.com over, because there are lots of subdomains that are hosted, and I never got around to making the box secure enough that I'd grant access to everyone that is being hosted. It wouldn't be too difficult to just have shanky.com/server forwarded to minegoboom.com/server or something such as that. Would this be a good enough solution for you guys?
Confess Zone Hoster
Joined: Feb 10 2004 Posts: 532 Offline
Posted: Wed Apr 04, 2007 5:43 pm
Ya, that's a lot better than having it mess up people's comps.
_________________
I know that I myself cannot do anything, that I will fall, and that I am a sinful man, but I know that I can do ANYTHING through God Almighty, whom strengthens me.
Cerium Server Help Squatter

Age:43 Gender: Joined: Mar 05 2005 Posts: 807 Location: I will stab you. Offline
Posted: Wed Apr 04, 2007 7:05 pm
Speaking of malware, I noticed something rather odd when checking the Hybrid forums. Every now and then on the main page (hybrid.shanky.com), at the very top there's a link that says "Nothing here" and an image placeholder.
I don't recall adding that and as far as I know, you don't bother editing other people's sites. Moreover, it doesn't appear anywhere in the page source. Any idea what that is? _________________ There are 7 user(s) ignoring me right now.
Mine GO BOOM Hunch Hunch What What

Age:41 Gender: Joined: Aug 01 2002 Posts: 3615 Location: Las Vegas Offline
Posted: Wed Apr 04, 2007 7:27 pm
It is a javascript inserted into the output done by a virus on the machine that is infesting apache. Like I said, I've complained to the host numerous times. We even switched machines, which fixed the problem for a bit.
Shanky.com/server is now redirected to Minegoboom.com/server. You don't need to update any links anywhere, because at some point I'll just move shanky.com onto the mineplowers server, in which case it will just be shanky.com/server again.
Back to top |
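Added example (not written by anyone in this thread): one way to check for the symptom described above, markup that shows up in some responses but is not in the page source, is to compare the active elements in repeated captures of the served page against the file on disk. The sample HTML, the `injected.example` host and all function names are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser

WATCHED = {"script", "iframe", "object", "embed", "applet"}

class Inventory(HTMLParser):
    """Count every element that can load or run code, keyed by attributes and inline body."""
    def __init__(self):
        super().__init__()
        self.items = Counter()
        self._script = None              # [attrs, body] while inside <script>

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED:
            return
        attrs = tuple(sorted((k, v or "") for k, v in attrs))
        if tag == "script":
            self._script = [attrs, ""]   # wait for the body before recording
        else:
            self.items[(tag, attrs, "")] += 1

    def handle_data(self, data):
        if self._script is not None:
            self._script[1] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            attrs, body = self._script
            self.items[("script", attrs, body.strip())] += 1
            self._script = None

def inventory(html):
    parser = Inventory()
    parser.feed(html)
    parser.close()
    return parser.items

def injected(source_html, served_html):
    """Active elements in the served response that the on-disk file does not contain."""
    return sorted((inventory(served_html) - inventory(source_html)).elements())

def sweep(source_html, responses):
    """Injection here is intermittent, so check every capture; return (index, extras) hits."""
    hits = [(i, injected(source_html, r)) for i, r in enumerate(responses)]
    return [(i, extra) for i, extra in hits if extra]

# Constructed sample: the file on disk, and three captures of what the server sent.
SOURCE = ('<html><head><script src="/js/menu.js"></script></head>'
          '<body><h1>Staff</h1></body></html>')
TAMPERED = SOURCE.replace(
    "<body>", '<body><script src="http://injected.example/x.js"></script>', 1)
SERVED = [SOURCE, TAMPERED, SOURCE]
```

Because the comparison is against the file on disk rather than a previous response, a hit points at something between the file and the wire (the web server process or a module loaded into it), not at the site's own content.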
Cyan~Fire I'll count you!

Age:37 Gender: Joined: Jul 14 2003 Posts: 4608 Location: A Dream Offline
Posted: Thu Apr 05, 2007 2:20 pm
Can you get your brother to post more girls while you're at it?  _________________ This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him.