[nsp-sec] DDoS: Compromised web servers
Dave Burke
dave at amazon.com
Wed Sep 26 07:51:22 EDT 2012
ACK 38895 & 14618, sent to abuse teams for cleanup.
Thanks Nick!
On Sep 25, 2012, at 6:46 PM, Nick Ianelli wrote:
> ----------- nsp-security Confidential --------
>
> Attached is a list being tracked by the malicious actors of 6206
> compromised web servers. Some of these have already been notified and
> cleaned up, for the others please distribute as you see fit. Prior to
> distribution please remove any list or personally identifiable
> information from it.
>
>
> In addition to indx.php, the following files may exist in the same
> directory:
>
> stcp.php
> stip.php
> stph.php
> classtyle.php
> classtyle2.php
>
> The following URL discusses some of the issues at play here, but I
> don't believe all are Joomla compromises:
>
> http://forum.joomla.org/viewtopic.php?t=737503
>
> In working with your constituency, if you were able to obtain the
> files listed above (and any other files in the same directory) as well
> as any web access logs specific to the files listed above, I would be
> extremely interested and eternally grateful.
>
> Any questions, let me know.
,
Amazon Data Services Ireland Limited registered office: Riverside One, Sir John Rogerson's Quay, Dublin 2, Ireland. Registered in Ireland. Registration number 390566.
More information about the nsp-security
mailing list