life-tablets.cn
Has anyone else come across the issue of this little malware being entered on their own sites?
“http://life-tablets.cn/tds/index.php”
Basically it’s part of a line of code that gets written to read-only files that have index.php, and hell, they’ve even just written them randomly around directories on the server. I’ve been trying to keep this under control, even to the point of making the index.php files read-only to all, and still those files get altered.
What I want to know is:
How? And where in China are these f*kers operating from?
This is a genuine appeal, please can someone shed some light on how these people are able to get read-only files re-written?
Thanks for that, Frank, it’s been quite helpful.
http://www.abuse.ch/?p=454
This guy seems to know a lot about how it works, but my German is not good enough to translate it all for you. Try Google Translate if you don’t know German.
Hi,
I had the exact same thing, still figuring out how it happened…
As far as I can see the only way it could have happened to me was by installing a “malicious” WordPress theme. Themes are pieces of PHP code, so they could easily include some sad guy’s code trying to steal passwords or something.
Are you sure someone had been logging on to your FTP server? Please let me know if you find/know something. This is starting to irritate me, a lot.
Thanks, Frank.
Someone from the Middle East, it appears, did have full access to my FTP area somehow!!
Am currently pursuing this with the provider to find out how the effing hell they could have got my passwords etc from the secure links….
Paul
Read-only files can be altered easily if they have root access to the server, but from what it looks like I would say your blog software may have a flaw which allows full access to the file system, thus allowing changes to change read-only and what not.
Very likely a bot
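An added example, not written by anyone in this thread: a small Python scanner that walks a web root, flags every `.php` file containing the domain quoted in the first post, and reports each file's mode and whether its directory is writable. It also shows why marking a file read-only did not help once the account itself was in someone else's hands: replacing a file only needs write permission on the directory. The sample tree, the file contents and all function names are constructed for illustration.

```python
import os
import stat
import tempfile

INDICATOR = b"life-tablets.cn"  # domain quoted in the thread


def find_injected(root, indicator=INDICATOR):
    """Return (path, octal mode, directory writable?) for PHP files containing the indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if indicator in data:
                mode = stat.S_IMODE(os.stat(path).st_mode)
                hits.append((path, oct(mode), os.access(dirpath, os.W_OK)))
    return hits


def build_sample_tree():
    """Constructed sample data: one clean file, one read-only file carrying the URL."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "blog"))
    clean = os.path.join(root, "index.php")
    dirty = os.path.join(root, "blog", "index.php")
    with open(clean, "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    with open(dirty, "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n<!-- http://life-tablets.cn/tds/index.php -->\n")
    os.chmod(dirty, 0o444)  # read-only to all, as the original poster tried
    return root, clean, dirty


def replace_readonly(path, new_bytes):
    """Swap a 0444 file for new content via rename; needs only directory write access."""
    tmp = path + ".tmp"
    with open(tmp, "wb") as fh:
        fh.write(new_bytes)
    os.replace(tmp, path)


if __name__ == "__main__":
    root, clean, dirty = build_sample_tree()
    for hit in find_injected(root):
        print(hit)
```

A hit whose directory is writable by the account that owns the site is a file that account can swap out regardless of the file's own mode, so cleanup has to include changing the account's credentials, not only the file permissions.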