<<< Date Index >>>     <<< Thread Index >>>

Re: [Full-disclosure] what is this?



nope i dont thnk it has to do with user agent.i have tried with
IE,Firefox but nothing.though when u change ip it shows the stuff.so i
think its ip based?

On Jan 15, 2008 10:52 PM, Gadi Evron <ge@xxxxxxxxxxxx> wrote:
> On Tue, 15 Jan 2008, crazy frog crazy frog wrote:
> > nick,
> > ur not getting my point,the url is techicorner.com/{random string
> > here},i have already mentioned it in previous posts.
> > i have read the link sent by denis,and i would have to conclude that:
> > 1)The problem does not occurs always,instead it occurs randomly based
> > on IP or something like tht.
>
> In recent kits, it is more likely it is user-agent based.
>
>
> > 2)if u look at the pages on techicorner.com u will not find any
> > malicious code,so its possible that the server is compromised and its
> > an LKM
> > please refer to these links:
> > http://www.webhostingtalk.com/showthread.php?t=651748 [thanks denis]
> >
> > Thanks again everyone for your valuable suggestion,i posted here to
> > share this stuff with everyone and may be u can learn from it.
> >
> > regards,
> > _CF
> >
> > On Jan 15, 2008 12:15 PM, Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx> wrote:
> >> crazy frog crazy frog wrote:
> >>
> >>> well,
> >>> i received many response but no one is perfact.i checked the files and
> >>> didn't find anything embeded in my scripts or pages.still i have to
> >>> figure out why my antivirus randomly popsup?i mean most of the times
> >>> it doesnt detect any infection but then suddenly this thing happnes
> >>> and then everything seems ok.
> >>> i dont think its a problem with my script otherwise i could have find
> >>> the code or it should be repeating consistly.has any one still facing
> >>> this issue in the techicorner.com or on tubeley.com or on
> >>> secgeeks.com?
> >>>
> >>> let me know i m trying hard to digg this issue.
> >>
> >> If you would tell us the _actual_ URL where this behaviour is being
> >> seen we would have a reasonable chance of actually diagnosing it.  As
> >> it is, we're having to guess based on matching your half-arsed
> >> descriptions of what you think is happening with our knowledge of what
> >> has been seen going on out there.
> >>
> >> This may surprise you, but many thousands and thousands of sites are
> >> compromised each day to display "similar" activity to what you've asked
> >> to us to diagnose (aka "guess").
> >>
> >> If we could look at the actual site and see what is really happening
> >> should have a better (if not perfect) chance of success.
> >>
> >>
> >> Regards,
> >>
> >> Nick FitzGerald
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> >
> >
> > --
> > advertise on secgeeks?
> > http://secgeeks.com/Advertising_on_Secgeeks.com
> > http://newskicks.com
> >
>



-- 
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com