| Author |
Message |
K'
You can win any war if you start a year early
Gender:
Joined: Jul 13 2006
Posts: 271
Location: Southtown
Offline
|
 Posted: Wed Apr 04, 2007 2:33 pm Post maybe stupid Post subject: Maleware on shanky/server? |
 |
 |
|
|
Looked at http://www.shanky.com/server/staff.html and was requested to approve an activeX element, half a second later ZoneAlarm jumps up with report of:
Exploit.Win32.IMG-ANI.h and Trojan-Dropper.Win32.Agent.bfd
Allegedly involved is 'file[1].jpg' and some obscure random file string.
Could be a false positive or from other source by some fashion, but who knows, might want to do a little in-house sweeping.
|
|
| Back to top |
|
 |
Bak
?ls -s
0 in
Age:26
Gender:
Joined: Jun 11 2004
Posts: 1826
Location: USA
Offline
|
|
| Back to top |
|
|
Solo Ace
Yeah, I'm in touch with reality...we correspond from time to time.
Age:38
Gender:
Joined: Feb 06 2004
Posts: 2583
Location: The Netherlands
Offline
|
| Posted: Wed Apr 04, 2007 3:00 pm Post maybe stupid Post subject: |
|
|
|
|
Yeah, I got it too, but now I don't anymore. I don't know, did I just infect my windows box?
Nah I didn't.
Why were you reading that page? Trying to bring old, forgotten times back? 
à think it's weird how it pops up, and then it doesn't. Maybe someone's messing with Apache's memory or what?
staffpage2.png - 50.45 KB
File downloaded or viewed 9 time(s)
|
|
| Back to top |
|
|
Solo Ace
Yeah, I'm in touch with reality...we correspond from time to time.
Age:38
Gender:
Joined: Feb 06 2004
Posts: 2583
Location: The Netherlands
Offline
|
| Posted: Wed Apr 04, 2007 3:05 pm Post maybe stupid Post subject: |
|
|
|
|
I'll go to Knesselare and beat up whoever's responsible for the host.
I'm still not sure about the sex of this ware, but I guess I don't even want to know if you consider it male.
|
|
| Back to top |
|
|
Mine GO BOOM
Hunch Hunch
What What
Age:41
Gender:
Joined: Aug 01 2002
Posts: 3615
Location: Las Vegas
Offline
|
| Posted: Wed Apr 04, 2007 3:13 pm Post maybe stupid Post subject: |
|
|
|
|
| Solo Ace wrote: | | Maybe someone's messing with Apache's memory or what? |
It is. I've been complaining to the host of that machine for a while that someone is affecting apache. It is nothing I can touch from my end there.
Thus the reason why I moved minegoboom/mineplowers over to my own virtual machine where I get full control over it. I have not heard of any type of memory hacking done with Xen 3 yet, and I doubt any would happen anytime soon when there are so many shared hosts people can just fuck up through apache injections.
I have no plans on moving shanky.com over, because there are lots of subdomains that are hosted, and I never got around to making the box secure enough that I'd grant access to everyone that is being hosted. It wouldn't be too difficult to just have shanky.com/server forwarded to minegoboom.com/server or something such as that. Would this be a good enough solution for you guys?
|
|
| Back to top |
|
|
Confess
Zone Hoster
Joined: Feb 10 2004
Posts: 532
Offline
|
| Posted: Wed Apr 04, 2007 5:43 pm Post maybe stupid Post subject: |
|
|
|
|
Ya, thats a lot better then having it mess up peoples comps.
_________________
I know that I myself cannot do anything, that I will fall, and that I am a sinful man, but I know that I can do ANYTHING through God Almighty, whom strengthens me.
|
|
| Back to top |
|
|
Cerium
Server Help Squatter
Age:43
Gender:
Joined: Mar 05 2005
Posts: 807
Location: I will stab you.
Offline
|
| Posted: Wed Apr 04, 2007 7:05 pm Post maybe stupid Post subject: |
|
|
|
|
Speaking of malware, I noticed something rather odd when checking the Hybrid forums. Every now and then on the main page (hybrid.shanky.com), at the very top there's a link that says "Nothing here" and an image placeholder.
I don't recall adding that and as far as I know, you don't bother editing other people's sites. Moreover, it doesn't appear anywhere in the page source. Any idea what that is?
_________________
There are 7 user(s) ignoring me right now.
|
|
| Back to top |
|
|
Mine GO BOOM
Hunch Hunch
What What
Age:41
Gender:
Joined: Aug 01 2002
Posts: 3615
Location: Las Vegas
Offline
|
| Posted: Wed Apr 04, 2007 7:27 pm Post maybe stupid Post subject: |
|
|
|
|
It is a javascript inserted into the output done by a virus on the machine that is infesting apache. Like I said, I've complained to the host numerous times. We even switched machines, which fixed the problem for a bit.
Shanky.com/server is now redirected to Minegoboom.com/server. You don't need to update any links anywhere, because at some point I'll just move shanky.com onto the mineplowers server, in which case it will just be shanky.com/server again.
|
|
| Back to top |
|
|
Cyan~Fire
I'll count you!
Age:37
Gender:
Joined: Jul 14 2003
Posts: 4608
Location: A Dream
Offline
|
| Posted: Thu Apr 05, 2007 2:20 pm Post maybe stupid Post subject: |
|
|
|
|
Can you get your brother to post more girls while you're at it? 
_________________
This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Statistics
Register
Profile
Login to check your private messages
Login
More anti-spam measures 
