Amiga.org
Amiga News and Community Announcements => Amiga News and Community Announcements => Topic started by: Templario on March 19, 2011, 06:22:15 PM
-
Yes, my surprise was to try to gain access to the topics and instead to open the topic the we is forwarded to one Canadian Neighbor Pharmacy.
-
Yes, my surprise was to try to gain access to the topics and instead to open the topic the we is forwarded to one Canadian Neighbor Pharmacy.
eh ??? :confused:
-
eh ??? :confused:
Now imagine what your locally accented posting style must look like to him :-)
I think he's saying he was surprised to discover he was redirected to a Canadian online pharmacy when he followed a link to a topic on the hollywood (software) forum.
-
eh ??? :confused:
Airsoft Softwair Homepage - Home (http://www.airsoftsoftwair.com/) First class applications for Amiga computers and more. ... presentation editor, and Malibu, a plugin that allows Hollywood to show Scala presentations. ...
http://www.airsoftsoftwair.com/
yep just confirmed it's going to a 'pharmacy' site too:confused:
-
Airsoft Softwair Homepage - Home (http://www.airsoftsoftwair.com/) First class applications for Amiga computers and more. ... presentation editor, and Malibu, a plugin that allows Hollywood to show Scala presentations. ...
http://www.airsoftsoftwair.com/
yep just confirmed it's going to a 'pharmacy' site too:confused:
Ahh... got it now, sorry but I couldn't figure out what Templario was posting about... :)
PS:Just tried the link and never got taken to a pharmacy :confused:
-
Now imagine what your locally accented posting style must look like to him :-).
Whit dya mean aboot ma locully acksented postin style, it's a peece o piss tae understawn if yer evun a wee doad familiar wur ra englush langauge... :)
-
Airsoft Softwair Homepage - Home (http://www.airsoftsoftwair.com/) First class applications for Amiga computers and more. ... presentation editor, and Malibu, a plugin that allows Hollywood to show Scala presentations. ...
www.airsoftsoftwair.com/ (http://www.airsoftsoftwair.com/)
yep just confirmed it's going to a 'pharmacy' site too:confused:
Seems to be fixed now.
-
Whit dya mean aboot ma locully acksented postin style, it's a peece o piss tae understawn if yer evun a wee doad familiar wur ra englush langauge... :)
"u canny put tha breeks ona highland man"
-
u canny'nt change the laws of physics, the laws of physics, the lays of physic... u canny'nt change the laws of physics, cap'tain
-
Hawd oan a wee minut Jim, ah kin feel a song comin oan... :)
[youtube]FCARADb9asE[/youtube]
-
What the hell was that video?! LOL!!
-
Sounds like an XSS (http://en.wikipedia.org/wiki/Cross-site_scripting) "hack" - Comes down to bad sanity checking of user input, allowing the douche attacker to post content that immediately redirects you to another page
-
Hehehe
I remember that song from WAYYYYYYY back!
Never knew there was a video:roflmao:
-
Classic song!
-
eh ??? :confused:
But man, what are you telling me?
-
Sounds like an XSS (http://en.wikipedia.org/wiki/Cross-site_scripting) "hack" - Comes down to bad sanity checking of user input, allowing the douche attacker to post content that immediately redirects you to another page
The problem now is different, but still exists.
The PC hackers don't respect the computer minorities.
-
What the hell was that video?! LOL!!
National Anthem of Livingston.
-
Unbelievable. I searched for "aros" and got pharmacy spam :hammer:
-
National Anthem of Livingston.
:lol:
Nah... Livingston is the Scottish version of Milton Keynes with twice as many roundabouts... :)
This is Livis National Anthem...
[youtube]LNXHblt025o[/youtube]
PS: I thought everyone had seen The Firms - StarTreking Video... It was Number one in the British charts in 87... :D
-
My Dad was on a course with the union up in Glasgow in 87 and bought me the 7 inch of Star Trekkin while he was there.
-
My Dad was on a course with the union up in Glasgow in 87 and bought me the 7 inch of Star Trekkin while he was there.
Ahh... your Dad must be a very wise man indeed then, Nowhere better to learn about a Trade Union than Glasgow (especially in the Thatcher era) plus he bought you The Firms best (only) ever single... that's what I call a very clever man with good taste...:)
-
Sounds like an XSS (http://en.wikipedia.org/wiki/Cross-site_scripting) "hack" - Comes down to bad sanity checking of user input, allowing the douche attacker to post content that immediately redirects you to another page
Quick analysis of the situation
This most certainly isn't a Cross-Site Scripting (XSS) vulnerability. All non-existing URLs (404) redirect to the spam site as well. No reflected or stored XSS can do that.
The server running the forum hosts a gazillion other sites as well: http://www.robtex.com/ip/80.237.132.227.html
After quickly testing the other sites they don't seem to be suffering from the same problem. This leads me to believe that the problem has been contained to hollywood-mal.com alone. If I had to guess, someone has gained access to the control panel / admin interface used to manage the virtual hosting and has managed to modify either the apache2 config itself or .htaccess or other files.
Ramifications
From the looks of it it does appear that someone is only using the gained access to spam. It however isn't safe to assume this and for instance the phpbb forum user credentials should be considered compromised (that is: everyone should be damned sure they don't use same password elsewhere...). Sure, the passwords are hashed with a pretty good algo these days (salt & slow) but simple passwords are still trivial to crack with wordlists.
Additionally any confidential material (such as private keys, passwords etc) stored on the affected site should be considered tainted.
Incident response
The only reliable way to mitigate the issue would be to try to find out how the takeover / modifications to the site happened. Only then will it be possible to fix the problem and avoid any future takeover. It could be just an easily guessable password for the control panel or something as silly. If there are access logs to the control panel / site admin interface those would be my first interest. That failing it'd have to be mapping all possible access points and then trying to find out if there are logs for those, and checking everything.
In the worst case scenario the access point can never be determined (due to missing / lacking logging for instance) in which case it can only be a matter of time before the site gets owned again.
Of course I can't possibly know of the tools, technologies or software used with this hoster or the particular site (except for the phpbb) and much of this is just a huge bunch of guesses.
Example of the redirect follows:
$ echo -e 'GET /x HTTP/1.1\r\nHost: www.hollywood-mal.com\r\n\r' | nc www.hollywood-mal.com 80
HTTP/1.1 302 Found
Date: Mon, 21 Mar 2011 14:15:04 GMT
Server: Apache/2.2
Location: http://tabl[censored]eds.com
Content-Length: 285
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://tabl[censored]eds.com">here</a>.</p>
<hr>
<address>Apache/2.2 Server at www.hollywood-mal.com Port 80</address>
</body></html>
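
Added example (not part of the original post, and not code from the site or its hoster): a Python check for the two signs the analysis above relies on, a 3xx response whose Location leaves the site's own hosts, and Apache/.htaccess directives that point at a foreign host. The function names, the spam.example placeholder standing in for the censored target, and the sample .htaccess are constructed for illustration; the post only guesses that such a file was modified.

```python
import re
from urllib.parse import urlsplit

# Constructed response in the shape the post shows; spam.example is a
# placeholder for the censored redirect target.
SAMPLE_RESPONSE = (b"HTTP/1.1 302 Found\r\nServer: Apache/2.2\r\n"
                   b"Location: http://spam.example\r\nContent-Length: 0\r\n\r\n")

# Constructed .htaccess: the post only guesses that such a file was modified.
SAMPLE_HTACCESS = """\
# constructed sample, not taken from the affected site
RewriteEngine On
RewriteRule ^forum/?$ /forum/index.php [L]
RewriteRule .* http://spam.example/ [R=302,L]
ErrorDocument 404 http://spam.example/
Redirect 301 /old http://www.hollywood-mal.com/forum/
"""

OWN_HOSTS = {"www.hollywood-mal.com", "hollywood-mal.com"}  # lowercase
DIRECTIVE = re.compile(
    r"^\s*(RewriteRule|ErrorDocument|Redirect(?:Match|Permanent|Temp)?)\b(.*)$", re.I)

def offsite_redirect(raw, own_hosts=OWN_HOSTS):
    """Return the Location host if raw is a 3xx leaving own_hosts, else None."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    status = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not status or not status.group(1).startswith("3"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            host = urlsplit(value.strip()).hostname
            if host and host not in own_hosts:
                return host
    return None

def external_targets(config_text, own_hosts=OWN_HOSTS):
    """List (line_no, directive, host) for directives pointing at a foreign host."""
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        for url in re.findall(r"https?://[^\s\"']+", m.group(2)):
            host = urlsplit(url).hostname
            if host and host not in own_hosts:
                hits.append((no, m.group(1), host))
    return hits

if __name__ == "__main__":
    print(offsite_redirect(SAMPLE_RESPONSE))
    for hit in external_targets(SAMPLE_HTACCESS):
        print(hit)
```

A hit from the first function on a path that should return 404 points to a server-side change rather than injected page content; the second function narrows down which directive is responsible once the config files are in hand.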