Two Tweet Weeks: August 8-21, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Two Tweet Weeks: July 25 – August 7, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Update on redef_colors/createCSS attack: PHP code, Backdoors and osCommerce.
A few days ago, I blogged about the hacker attack that used the BlackHole toolkit and injected “createRSS” and “defs_colors” malicious scripts into legitimate websites. I’ve worked with a few webmasters of infected sites since then and now have some important additional information that I want to share here.
Continue »»
Two Tweet Weeks: January 3 – January 16, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Another Update on the osCommerce .htaccess Hack
The osCommerce .htaccess hack that I wrote about here and here is still quite prevalent.
Some webmasters have problems locating the rogue .htaccess files so I decided to address this issue again.
Continue (some new facts included) »»
Tweet Week: November 15-21, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
StopBadware’s new initiative, Adobe Reader X, osCommerce under attack, … »»
Update on Htaccess Redirects of osCommerce Sites
This is just a short update on the .htaccess redirect attack that I wrote about last month.
I can still see many sites (mainly osCommerce-powered) that redirect search traffic to malicious sites. However, the pattern of the redirect URLs has changed.
continue »»
Htaccess Redirect to Example.ru/dir/index.php
Having read the Sucuri’s article about the kirm-sky .ru attack, I decided to complement it with my own information.
I started to track this website infection back in April. It has been active all these months.
Continue »»
Bety.php Hack. Part 2. Black Hats in Action.
This is the second article about the hacker attack against osCommerce-powered sites. In the first part, you can find the description of the attack along with detection and clean-up instructions. Now I want to show you what exactly hackers did and how they managed to poison Google search results.
The main goal is to demystify hackers and encourage webmasters to explore their own sites. The more you know about hackers, the better you’ll be at protecting your site against their attacks.
This post is based on the files and access logs of three compromised sites that I received from a webmaster who contacted me a couple of weeks ago.
Quick facts
- The attack uses unpatched vulnerability in osCommerce 2.2 that allows an attacker to upload arbitrary files to compromised servers using a security hole in file_manager.php.
- Only one of the three sites actually uses osCommerse (site-1).The rest two sites had been hacked using access gained via the hacked site-1.
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
