Thread: FTP Hacker
View Single Post
  #18 (permalink)  
Old 07-13-2009, 10:46 PM
konrath's Avatar
konrath konrath is offline
Registered User
  
Join Date: May 2005
Location: Brasil
Posts: 220
konrath is on a distinguished road
[QUOTE=ramzex;541109]Crap!

This is not the iframe method!
We had exact same issues our our customers webservers.
We have investigated this issue and found the following:

Hello

I do not agree with you.

------------------------------
3. Script has modified the passwords of the accounts located in /etc/passwd
------------------------------

The passwords of the customers are not modified.


What I see in this log (sent by sallen812) is exactly what happens to my clients infected with iframe hack.



Thank you
Konrath
Last edited by konrath; 07-13-2009 at 10:49 PM.
Reply With Quote