On Tue, 15 Jan 2008, crazy frog crazy frog wrote: > nick, > ur not getting my point,the url is techicorner.com/{random string > here},i have already mentioned it in previous posts. > i have read the link sent by denis,and i would have to conclude that: > 1)The problem does not occurs always,instead it occurs randomly based > on IP or something like tht.
In recent kits, it is more likely it is user-agent based. > 2)if u look at the pages on techicorner.com u will not find any > malicious code,so its possible that the server is compromised and its > an LKM > please refer to these links: > http://www.webhostingtalk.com/showthread.php?t=651748 [thanks denis] > > Thanks again everyone for your valuable suggestion,i posted here to > share this stuff with everyone and may be u can learn from it. > > regards, > _CF > > On Jan 15, 2008 12:15 PM, Nick FitzGerald <[EMAIL PROTECTED]> wrote: >> crazy frog crazy frog wrote: >> >>> well, >>> i received many response but no one is perfact.i checked the files and >>> didn't find anything embeded in my scripts or pages.still i have to >>> figure out why my antivirus randomly popsup?i mean most of the times >>> it doesnt detect any infection but then suddenly this thing happnes >>> and then everything seems ok. >>> i dont think its a problem with my script otherwise i could have find >>> the code or it should be repeating consistly.has any one still facing >>> this issue in the techicorner.com or on tubeley.com or on >>> secgeeks.com? >>> >>> let me know i m trying hard to digg this issue. >> >> If you would tell us the _actual_ URL where this behaviour is being >> seen we would have a reasonable chance of actually diagnosing it. As >> it is, we're having to guess based on matching your half-arsed >> descriptions of what you think is happening with our knowledge of what >> has been seen going on out there. >> >> This may surprise you, but many thousands and thousands of sites are >> compromised each day to display "similar" activity to what you've asked >> to us to diagnose (aka "guess"). >> >> If we could look at the actual site and see what is really happening >> should have a better (if not perfect) chance of success. >> >> >> Regards, >> >> Nick FitzGerald >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > > -- > advertise on secgeeks? > http://secgeeks.com/Advertising_on_Secgeeks.com > http://newskicks.com > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/