Brad/Dave,

Back when it was working the script did little more than insert a link into
the page that sent the user to a targeted "links" site/page... In other words
it was a basic spam traffic generator - at least the ones on our sites.

-mark
 


Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-----Original Message-----
From: Brad Wood [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 21, 2008 2:08 PM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

For what it's worth, the specific URL that was injected in the sample I saw
(http://1.verynx.cn/w.js) doesn't seem to work anymore. The server name
doesn't resolve.

===============

Yeah, that sucks, I was going to dissect it.  It appears that DNS is
resolving it to 127.0.0.1.  I didn't know you could do that.  verynx.cn
resolves to 121.12.169.186, but it returns a 404 when I submit a GET for
w.js.

Hmm, some off-shore joint.  "Asia Pacific Network Information Centre"
owns the IP the domain resolves to.  Shows up as possibly being in Beijing,
China.




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309377