At the time of the attack the server info was: Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727
We could not find the shell.asp file anywhere or any sign that it was placed there. We do still have the index.asp file that was the page being displayed when the site was defaced. Whether these two attacks are related is still unknown. If you'd like to see the contents of the index file I'll gladly either attach it to this thread if it's allowed or paste the code in the body. Cheers, Ari http://www.securityoverflow.net On Thu, Jan 20, 2011 at 11:39 PM, Timothy Ouellette <[email protected]>wrote: > I'm more interested in the attack vector than the actual hack... anyone > know how the files actually got replaced? Any chance your both running the > same version of IIS or Apache? Or possibly similar ports available on > webservers etc.. > > ----- Original Message ----- > *From:* Ariany Mizrahi <[email protected]> > *To:* PaulDotCom Security Weekly Mailing List<[email protected]> > *Sent:* Thursday, January 20, 2011 7:46 PM > *Subject:* Re: [Pauldotcom] Web Server Hacked > > We actually just had one of our web servers hacked yesterday around 6:50am. > index.asp was replaced. > > > Cheers, > > Ari > http://www.securityoverflow.net > > > On Thu, Jan 20, 2011 at 6:53 PM, Mike Smith <[email protected]> wrote: > >> Hello, >> >> I would like to know if anyone has had a web server attacked using these >> files. >> >> 1) default.asp >> 2) index.asp >> 3) main.asp >> 4)shell.asp >> >> I have file 1,2,3, but not 4, I do not know if it was successfully >> uploaded, then deleted. >> >> Thanks, >> >> Mike >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > ------------------------------ > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
