This is a bit off-topic, but
we had one of our servers last night have the eBay spoof page loaded on it.
Anyone have info as to how this gets loaded and, more importantly, how to keep it
from happening?
The only things I found were the htm page that was referenced in the spam e-mail
and a folder

Bob,
If they had a folder on a desktop, you have to assume that your server
was hacked, rooted, and your account was exploited. The safest thing to
do would be to change all of your administrative passwords everywhere on
your network, and rebuild that server from a formatted disk. You could

Bob, drop an email to the handler on duty at http://isc.sans.org/ for
some general advice. They may also have some specific reference to
point you to regarding a vulnerability or they may recognize the modus
operandi of what you saw. I don't recognize it, myself.
Generally speaking, your best