[nsp-sec] again: compromised websites (torpig)
Stephen Gill
gillsr at cymru.com
Wed May 13 11:42:18 EDT 2009
Hi Dirk,
Yeah sorry it is somewhat restrictive in that regard. We could look into
allowing an additional character or two if it is a strong requirement.
Really it's a simple echo to make it easier to parse on client side rather
than having to cross reference output from two scripts and join them
together.
Thanks for all the great data you are providing for cleanup!
-- steve
On 5/13/09 8:19 AM, "Dirk Stander" <dst+nsp-sec at glaskugel.org> wrote:
> ----------- nsp-security Confidential --------
>
> .: Huopio Kauto (Wed, May 13, 2009 at 05:47:56PM +0300)
>> Note there is a slight misprint... the correct infected masasoft URL
>> ends with index.php, not .phppagemotti
>> http://www.masasoft.com/index.phppagemotti | AURIA Auria Oy
>
> thats right, sorry. The original line was:
> http://www.masasoft.com/index.php?page=motti
>
> I guess i fucked it up (or the ip-to-asn service i've been using doesn't
> like chars like `?' or `=')
>
> kind regards, Dirk Stander (1&1) :.
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 630 230 5423 | gillsr at cymru.com
More information about the nsp-security
mailing list