Hack Attack


A hearty thank you to the folks who do my hosting for catching this.

A hacker or script kiddie managed to upload a somewhat nasty-looking package into my cgi-bin directory. I haven't thoroughly investigated the code yet, but from the looks of it, the intention was either that any time the system tried to run an automated backup, it would send atrocious amounts of spam, or if someone typed in the URL plus backup.cgi, it would give a direct-mailing interface, which would allow someone to send atrocious amounts of spam.

I'm leaning towards the latter possibility, because there is a "flood" mode in the script.

The script itself self-identifies as being made by "YellSOFT" and perhaps being called "GoldeR". (I can't seem to get the text to show up in Russian to get it translated.)

The package also contains text files filled with alternative greetings (e.g. HI, Dear, Sorry if you not us), declarations of you-like-nudism (e.g. The favourite a nudism site of your friend invites you.), lists of unsubscribe messages, spamvertised redirection web sites (often using a /video or /private directory on someone else's web site), and a giant list, in a file called f.txt, of faked From: e-mail addresses.

Thank you oh so very much, you bottom-feeders.

As for my part, off I go to inform each and every one of those sites of the presence of the redirection page. I don't know how much I can hope for, but maybe I can help knock off a few. As I write this, all nine sites have the redirector page.

