NYCPHP Meetup

NYPHP.org

[nycphp-talk] Need some understanding about a hacker attack...

mikesz at qualityadvantages.com mikesz at qualityadvantages.com
Sun Oct 12 09:47:52 EDT 2008 

Hello David,

Sunday, October 12, 2008, 8:13:41 PM, you wrote:

> mikesz at qualityadvantages.com wrote:
>> That was the part that floored me. They threw it out there with NO other 
>> justification or ANY evidence to support their assumption, nothing and 
>> in a really, really nonchalant tone which bugged me even more. Actually, 
>> they did refer to the folders in the product that require write access 
>> to do things like realtime image conversions and uploads, but definitely 
>> NO, "we found a hacker using such and such folder" nothing like that and 
>> as I mentioned the exploited folder was and is read only so that was 
>> another red herring they threw at me.

> Maybe it was not a hack, but the hoster who rededicated your server space to
> someone else to rake in some more dough (pure speculation). Can you let us
> know who that hosting company is?

> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk

> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com

> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

> __________ Information from ESET Smart Security, version of virus
> signature database 3515 (20081011) __________

> The message was checked by ESET Smart Security.

> http://www.eset.com


Infrenion.

That would really, really suck and I can see the plausibility of it
too. I thought that it was weird that ONLY that folder on my site was
owned by the UNIX system.

I did a search on the "path" that the bad guys are still using to
pound my site and that folder that is gone now and get thousands of
error, not to mention my error log filling up with 304s and 403s

"Results 11 - 20 of about 27,600 for /xml/odg/."

 They are all referencing warning messages/conditions from trying to
 access the junk that was but no longer on my site.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com

More information about the talk mailing list