life-tablets.cn

JAVASCRIPT IS DISABLED. Please enable JavaScript on your browser to best view this site.

Has anyone else come across the issue of this little malware being entered on their own sites?

“http://life-tablets.cn/tds/index.php”

basically it’s part of a line of code that gets written to read only files that have index.php, and hell they’ve even just written them randomly around directories on the server. I’ve been trying to keep this under control, even to the point of making the index.php files read-only to all, and still those files get altered.

What I want to know is:

How? and where in China are this f*kers operating from?

This is a genuine appeal, please can someone shed some light on how these people are able to get read-only files re-written?

Comments

life-tablets.cn — 6 Comments

The Lord of Leisure on November 4, 2008 at 7:49 pm said:
Thanks for that frank, it’s been quite helpful.
Reply ↓
Frank on October 29, 2008 at 11:01 pm said:
http://www.abuse.ch/?p=454
This guy seems to know alot about how it works, but my german is not good enough to translate all for you. Try google translate if you don’t know german.
Reply ↓
Frank on October 29, 2008 at 10:55 pm said:
Hi,
I had the exact same thing, still figuring out how it happened…
As far as I can see the only way it could have happened to me was by installing a “malicious” wordpress theme. Theme’s are pieces of PHP code, so they could easily include some sad guys code trying to steal passwords or something.
Are you sure someone had been loggin on to your ftp server? Please let me know if you find/know something. This is starting to irritate me, alot.
Thanks, Frank.
Reply ↓
Frank on October 29, 2008 at 10:55 pm said:
Hi,
I had the exact same thing, still figuring out how it happened…
As far as I can see the only way it could have happened to me was by installing a “malicious” wordpress theme. Theme’s are pieces of PHP code, so they could easily include some sad guys code trying to steal passwords or something.
Are you sure someone had been loggin on to your ftp server? Please let me know if you find/know something. This is starting to irritate me, alot.
Thanks, Frank.
Reply ↓
The Lord of Leisure on October 5, 2008 at 12:44 pm said:
Someone from the middle east it appears, did have full access to my ftp area somehow!!
Am currently pursuing this with the provider to find out how the effing hell they could have got my passwords etc from the secure links….
Reply ↓
G on October 5, 2008 at 11:17 am said:
Paul
Read-only files can be altered easily if they have root access to server, but from what it looks like I would say your blog software may have a flaw which allows full access to the file system, thus allowing changes to change read-only and what not.
Very likely a bot
Reply ↓

Lord of Leisure

Due to circumstances beyond our control, lunch is served. Also may contain the ramblings of the Lord of Leisure who generally is confused and asleep.

Like this:

Related

Comments

life-tablets.cn — 6 Comments

Leave a Reply Cancel reply

Share this:

Like this:

Related

Leave a Reply Cancel reply