I'm more interested in the attack vector than the actual hack... anyone know
how the files actually got replaced? Any chance your both running the same
version of IIS or Apache? Or possibly similar ports available on webservers
etc..
----- Original Message -----
From: Ariany Mizrahi
To: PaulDotCom Security Weekly Mailing List
Sent: Thursday, January 20, 2011 7:46 PM
Subject: Re: [Pauldotcom] Web Server Hacked
We actually just had one of our web servers hacked yesterday around 6:50am.
index.asp was replaced.
Cheers,
Ari
http://www.securityoverflow.net
On Thu, Jan 20, 2011 at 6:53 PM, Mike Smith <[email protected]> wrote:
Hello,
I would like to know if anyone has had a web server attacked using these
files.
1) default.asp
2) index.asp
3) main.asp
4)shell.asp
I have file 1,2,3, but not 4, I do not know if it was successfully
uploaded, then deleted.
Thanks,
Mike
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
------------------------------------------------------------------------------
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
