February 12th, 2008
I was going through my access logs to see what nasties have been thrown at me since the last time.
Amongst the normal enter_your_RFI_exploit_here I saw this script being pushed onto the server:
Posted in General InfoSec, Malware FreakShow | No Comments »
January 30th, 2008
I was checking out the various RFI (Remote File Inclusion) exploits thrown at my site when I saw an exploit file that was heavily obfuscated. I meddled with the code a bit and got it to reveal the C&C servers:
Posted in General InfoSec, Malware FreakShow | No Comments »
January 29th, 2008
I just noticed some weird HTTP requests on my site. It seems that someone is trying to exploit a remote file inclusion in some software. Normally I wouldn’t blink my eyes on these, but it seems that the vulnerability is in the PHPSESSID variable. I’ve got no idea which software these belong to though. Here are some examples:
Posted in General InfoSec | No Comments »
January 28th, 2008
I spotted a nice incoming link regarding The Onion Router (TOR). This time an exit-node was caught modifying SMTP server capabilities, stripping out the TLS capability (encryption) so that connecting clients will be forced to send out everything as clear-text.
Here’s the link to the post.
Posted in Privacy, General InfoSec | No Comments »
January 17th, 2008
The MBR rootkit has been in the news a bit lately. Packing ancient evil, the beast modifies the MBR (Master Boot Record) to bootstrap itself and to rootkit the whole Operating System.
Posted in General InfoSec | No Comments »
January 7th, 2008
[quote]
TV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.
The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people’s personal details on two computer discs.
He wanted to prove the story was a fuss about nothing.
But Clarkson admitted he was “wrong” after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.
[/quote]
You can view the whole article here.
Posted in Privacy, General InfoSec | No Comments »
January 2nd, 2008
The last weeks of the last year were very busy, which was seen in the lack of posts. I decided to take a little look back at last year to see what all happened.
Posted in General InfoSec | Comments Off
November 22nd, 2007
After a few news sites picked up the entries on the suspicious TOR nodes I’ve had a few queries on the issue.
Posted in General InfoSec | No Comments »
November 20th, 2007
I decided to do some more digging on the TOR network to see whether there really are exit-nodes doing MITM attacks. As a target site, I picked up my home computer that had an SSL-enabled server.
Posted in General InfoSec | 12 Comments »
November 19th, 2007
As most, if not everyone, know, TOR is a network of proxies designed to give some privacy and anonymity to its users. Lately TOR has been in the news for quite a bit since a Swedish hacker managed to sniff a huge load of user accounts and passwords belonging to foreign embassies.
Posted in General InfoSec | 5 Comments »