[nsp-sec] DDoS: Compromised web servers: 20121010
Serge Droz
serge.droz at switch.ch
Thu Oct 11 16:28:33 EDT 2012
Hi Nick, All
I put together a little script, that checks if the page returns a 200
for all the ASNs I care. It reads in the files you send and outputs
the URLs that answer with a 200 Ok and are the specified ASNs.
Use at your own risk.
Cheers
Serge
On 10/11/2012 05:14 PM, Nick Ianelli wrote:
> ----------- nsp-security Confidential --------
>
> Yes, that would work. I don't know if all compromised web servers go
> updated, so if you see "itsoknoproblembro" returned, that's also a
> sign of active infection.
>
> Nick
>
--
SWITCH
Serving Swiss Universities
--------------------------
Serge Droz, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check_url.py
Type: text/x-python
Size: 1564 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20121011/69c04310/attachment-0001.py>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20121011/69c04310/attachment-0001.sig>
More information about the nsp-security
mailing list