
BLU Discuss list archive



[Discuss] g00nfish?



On 05/24/2012 03:53 PM, Tom Metro wrote:
> Stephen Adler wrote:
>> Today I noticed that someone has uploaded a php file called g00nfish,
>> which looks to me like some kind of web server exploit code. Anyone know
>> the origins of such a tool?
> Hadn't heard of it, but...
>
>> The way my web site is structured, there is
>> no way for that file to be executed, but maybe there's something about
>> this exploit file that I don't know and I could be vulnerable?
> You're probably not vulnerable, but your site may be facilitating
> attacks on other sites. The attacker might be using your site to
> "launder" his IP, such that an exploit script can be coded to pull from
> your storage service without the attacker needing to run a server or
> exposing his IP.
>
> (Presumably he is bouncing through anonymous proxies and other exploited
> machines when he makes outbound connections. Far more convenient to pull
> files from a known URL rather than trying to serve a file through all
> those anonymizing mechanisms. That attack script might also run
> unattended, at some unknown future date, so having a known fixed URL is
> necessary.)
>
>   -Tom
>
Interesting. Web site is designed to keep downloads limited and I 
haven't seen any so far for this file. But that's a good point you raise.

Thanks.
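
Added example, not part of the original messages: one way to check whether an uploaded script such as the one discussed above has actually been fetched, by scanning the web server's access log for served requests to script-like files in the upload area. The `/uploads/` prefix, the extension list, the `.php` suffix on the file name, and the log lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format; referer and user agent are optional (common format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<agent>[^"]*)")?'
)

# Assumptions for this sketch: uploads are served from /uploads/ and files
# with these extensions are never legitimate user content on the site.
UPLOAD_PREFIX = "/uploads/"
SCRIPT_EXT = (".php", ".phtml", ".pl", ".cgi", ".sh")
SERVED = {"200", "206", "304"}  # client received the file or already holds a copy

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE = [
    '198.51.100.7 - - [24/May/2012:10:01:02 -0400] "POST /upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/May/2012:11:15:40 -0400] "GET /uploads/g00nfish.php HTTP/1.0" 200 48213 "-" "libwww-perl/5.8"',
    '203.0.113.9 - - [24/May/2012:11:15:44 -0400] "GET /uploads/G00NFISH.PHP?x=1 HTTP/1.0" 200 48213 "-" "libwww-perl/5.8"',
    '192.0.2.44 - - [24/May/2012:12:00:00 -0400] "GET /uploads/photo.jpg HTTP/1.1" 200 90210 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [24/May/2012:12:05:00 -0400] "GET /uploads/g00nfish.php HTTP/1.1" 404 0 "-" "curl/7.21"',
]

def script_fetches(lines):
    """Map each uploaded script path to the (ip, time, agent) of served fetches."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in ("GET", "HEAD"):
            continue
        # Drop the query string, decode %xx escapes, ignore case.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if (path.startswith(UPLOAD_PREFIX) and path.endswith(SCRIPT_EXT)
                and m["status"] in SERVED):
            hits[path].append((m["ip"], m["time"], m["agent"] or "-"))
    return dict(hits)

def distinct_clients(hits):
    """Per path: number of served fetches and the sorted set of client IPs."""
    return {p: (len(h), sorted({ip for ip, _, _ in h})) for p, h in hits.items()}

if __name__ == "__main__":
    for path, (n, ips) in distinct_clients(script_fetches(SAMPLE)).items():
        print(f"{path}: {n} served fetch(es) from {', '.join(ips)}")
```

Repeated fetches of the same uploaded script by non-browser user agents, with no referer, are the pattern that would match the "known fixed URL" use described in the quoted reply.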




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org