[ale] Potentially OT of Hijacked Web Server?

Greg Clifton gccfof5 at gmail.com
Tue Mar 23 23:30:37 EDT 2010


It seems to be a hack of the site, as other computers get a flag when they
try to go to the control panel URL as well. Trend Micro has not flagged
anything on my computer; it only blocks the redirect to the ru site. The
public face of the program loads with no problem, but when we go to the
management control panel URL we get blocked by Trend or AVG. We are using
Product Cart e-commerce software (Windows ASP based). I was suspecting a SQL
injection attack, as Scott C mentioned earlier today regarding his debit
card. The good news is that we haven't launched the site yet. But the
question is what do we do to fix it?

On Tue, Mar 23, 2010 at 8:17 PM, Mike Harrison <meuon at geeklabs.com> wrote:

> > Trend Security Agent Notification Message:
> >
> > http://ovh-net.ucoz.ru.monster-com.yourblenderparts.ru:8080/mininova.org/mininova.orh/hp.com/google.com/w3schools.com.php
> > Result = Blocked
> >
> > So it would appear that the Rushkies have hijacked our control panel,
> > correct?
> > Yes, this IS Windows based software. Any suggestions, other than dumping the
> > software--sorry, but the boss won't want to hear that.
>
> It could be either the control panel (less likely) or your computer (more
> likely) and my guess is the payload of the web post might even include
> your login credentials to your control panel.