i suggest you password protect the malware. i've seen people abuse sites like yours by pointing RFI attacks at the malware locations so people are attacked and blame the site owner. a zip file with the password 'infected' is the industry standard.
A On Thu, Jul 4, 2013 at 11:00 AM, Adrian Crenshaw <[email protected]>wrote: > I'm prepping to give my Webshells talk again at OISF and TakeDownCon > Rocket City. I like to update things if I give a talk more than once, so I > enhanced my script to save an archived copy of the webshells in a zip file > so even if the infected host cleans it up (which they really should), it > can be examined later. Let me know if I did this in an insecure way to save > the files. > > http://www.irongeek.com/i.php?page=webshells-and-rfis > > One precaution I took was to limit the saving of webshells to about 1MB. > I'm also hoping malware/search engines don't start listing me as hosting > malware, which technically I am, but for teaching purposes. > -- > "The ability to quote is a serviceable substitute for wit." ~ W. Somerset > Maugham > "The ability to Google can be a serviceable substitute for technical > knowledge." ~ Adrian D. Crenshaw > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- _________________________________ Note to self: Pillage BEFORE burning.
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
