Server Help
Community forums for Subgame, ASSS, and bots
 
Maleware on shanky/server?

 
K'
Posted: Wed Apr 04, 2007 2:33 pm   Post subject: Maleware on shanky/server?

Looked at http://www.shanky.com/server/staff.html and was requested to approve an ActiveX element; half a second later ZoneAlarm jumps up with a report of:
Exploit.Win32.IMG-ANI.h and Trojan-Dropper.Win32.Agent.bfd
Allegedly involved is 'file[1].jpg' and some obscure random file string.
Could be a false positive or from another source by some fashion, but who knows, might want to do a little in-house sweeping.
Bak
Posted: Wed Apr 04, 2007 2:50 pm

there is an image: http://86.39.128.144/download/167212/file.jpg on the page

and the ip address is registered to (http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=86.39.128.144&do_search=Search)

person: Steven Vandewalle
address: Aardenburgse Heerweg 5
address: 9910 Knesselare
address: Belguim

and yields the webhosting service: http://belgon.be/
Solo Ace
Posted: Wed Apr 04, 2007 3:00 pm

Yeah, I got it too, but now I don't anymore. I don't know, did I just infect my windows box?

Nah I didn't.

Why were you reading that page? Trying to bring old, forgotten times back? :P

I think it's weird how it pops up, and then it doesn't. Maybe someone's messing with Apache's memory or what?




Attachment: staffpage2.png - 50.45 KB
Solo Ace

Posted: Wed Apr 04, 2007 3:05 pm

I'll go to Knesselare and beat up whoever's responsible for the host. :P

I'm still not sure about the sex of this ware, but I guess I don't even want to know if you consider it male.
Mine GO BOOM

Posted: Wed Apr 04, 2007 3:13 pm

Solo Ace wrote:
Maybe someone's messing with Apache's memory or what?

It is. I've been complaining to the host of that machine for a while that someone is affecting apache. It is nothing I can touch from my end there.

Thus the reason why I moved minegoboom/mineplowers over to my own virtual machine where I get full control over it. I have not heard of any type of memory hacking done with Xen 3 yet, and I doubt any would happen anytime soon when there are so many shared hosts people can just fuck up through apache injections.

I have no plans on moving shanky.com over, because there are lots of subdomains that are hosted, and I never got around to making the box secure enough that I'd grant access to everyone that is being hosted. It wouldn't be too difficult to just have shanky.com/server forwarded to minegoboom.com/server or something such as that. Would this be a good enough solution for you guys?
Confess

Posted: Wed Apr 04, 2007 5:43 pm

Ya, that's a lot better than having it mess up people's comps.
Cerium

Posted: Wed Apr 04, 2007 7:05 pm

Speaking of malware, I noticed something rather odd when checking the Hybrid forums. Every now and then on the main page (hybrid.shanky.com), at the very top there's a link that says "Nothing here" and an image placeholder.

I don't recall adding that and as far as I know, you don't bother editing other people's sites. Moreover, it doesn't appear anywhere in the page source. Any idea what that is?
Mine GO BOOM

Posted: Wed Apr 04, 2007 7:27 pm

It is a javascript inserted into the output done by a virus on the machine that is infesting apache. Like I said, I've complained to the host numerous times. We even switched machines, which fixed the problem for a bit.

Shanky.com/server is now redirected to Minegoboom.com/server. You don't need to update any links anywhere, because at some point I'll just move shanky.com onto the mineplowers server, in which case it will just be shanky.com/server again.
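The behaviour described in the post above (markup added to Apache's output that is not in the site's own files, and only on some requests) can be caught by comparing repeated responses against the file on disk. This is an added example, not code from the thread; the host name, the sample pages and the 192.0.2.10 address are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes a browser fetch or run something.
LOADERS = {"script": "src", "img": "src", "iframe": "src", "embed": "src", "object": "data"}

class ResourceCollector(HTMLParser):
    """Collect resource references and count inline <script> blocks."""
    def __init__(self):
        super().__init__()
        self.refs, self.inline_scripts = set(), 0

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(LOADERS.get(tag, ""))
        if url:
            self.refs.add((tag, url))
        elif tag == "script":
            self.inline_scripts += 1

def summarize(html):
    collector = ResourceCollector()
    collector.feed(html)
    return collector.refs, collector.inline_scripts

def injected(on_disk, served, site_host):
    """List what the served response loads or runs that the file on disk does not."""
    base_refs, base_inline = summarize(on_disk)
    refs, inline = summarize(served)
    findings = []
    for tag, url in sorted(refs - base_refs):
        host = urlparse(url).hostname or site_host  # relative URL: same site
        where = "same-site" if host == site_host else "off-site"
        findings.append(f"new {where} <{tag}> -> {url}")
    if inline > base_inline:
        findings.append(f"{inline - base_inline} new inline <script> block(s)")
    return findings

# Constructed sample data: host, page and the 192.0.2.10 address are made up.
SITE = "www.example.org"
ON_DISK = '<html><body><img src="logo.png"><h1>Staff</h1></body></html>'
TAMPERED = ON_DISK.replace("<body>", '<body><script>/* injected */</script>'
                           '<img src="http://192.0.2.10/download/file.jpg">')
POLLS = [ON_DISK, TAMPERED, ON_DISK]  # injection shows up on some requests only

def tampered_polls(polls=POLLS):
    return [i for i, body in enumerate(polls) if injected(ON_DISK, body, SITE)]

if __name__ == "__main__":
    print({i: injected(ON_DISK, POLLS[i], SITE) for i in tampered_polls()})
```

Because the injection is intermittent, a single clean response proves nothing; poll repeatedly and keep the raw bodies of any response that differs.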
Cyan~Fire

Posted: Thu Apr 05, 2007 2:20 pm

Can you get your brother to post more girls while you're at it? :D
Server Help Forum Index -> Trash Talk. All times are GMT - 5 Hours.