On 05/24/2012 03:53 PM, Tom Metro wrote:
> Stephen Adler wrote:
>> Today I noticed that someone has uploaded a php file called g00nfish,
>> which looks to me like some kind of web server exploit code. Anyone know
>> the origins of such a tool?
> Hadn't heard of it, but...
>
>> The way my web site is structured, there is
>> no way for that file to be executed, but maybe there's something about
>> this exploit file that I don't know and I could be vulnerable?
> You're probably not vulnerable, but your site may be facilitating
> attacks on other sites. The attacker might be using your site to
> "launder" his IP, such that an exploit script can be coded to pull from
> your storage service without the attacker needing to run a server or
> exposing his IP.
>
> (Presumably he is bouncing through anonymous proxies and other exploited
> machines when he makes outbound connections. Far more convenient to pull
> files from a known URL rather than trying to serve a file through all
> those anonymizing mechanisms. That attack script might also run
> unattended, at some unknown future date, so having a known fixed URL is
> necessary.)
>
> -Tom
>

Interesting. Web site is designed to keep downloads limited and I haven't seen any so far for this file. But that's a good point you raise. Thanks.