
BLU Discuss list archive



[Discuss] g00nfish?



Stephen Adler wrote:
> Today I noticed that someone has uploaded a php file called g00nfish,
> which looks to me like some kind of web server exploit code. Anyone know
> the origins of such a tool? 

Hadn't heard of it, but...

> The way my web site is structured, there is
> no way for that file to be executed, but maybe there's something about
> this exploit file that I don't know and I could be vulnerable?

You're probably not vulnerable, but your site may be facilitating
attacks on other sites. The attacker might be using your site to
"launder" his IP, such that an exploit script can be coded to pull from
your storage service without the attacker needing to run a server or
exposing his IP.

(Presumably he is bouncing through anonymous proxies and other exploited
machines when he makes outbound connections. Far more convenient to pull
files from a known URL rather than trying to serve a file through all
those anonymizing mechanisms. That attack script might also run
unattended, at some unknown future date, so having a known fixed URL is
necessary.)

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
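
One way to check whether an uploaded file is being pulled by remote scripts, as the reply above suggests (an added example, not part of the original post; the `/uploads/` path, the combined log format, the extension list, the thresholds and the sample log lines are all assumptions constructed for illustration):

```python
import re
from collections import defaultdict

# Assumptions (not from the post): uploads are served from /uploads/ and the
# web server writes Apache/nginx "combined" format access logs.
UPLOAD_PREFIX = "/uploads/"
SCRIPT_EXT = (".php", ".phtml", ".pl", ".py", ".sh", ".txt")
# Empty or library-style user agents typical of scripted fetches.
SCRIPTED_UA = re.compile(r"^-?$|libwww|curl|wget|python|php", re.I)
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_staged_fetches(lines):
    """Return {path: {"ips", "scripted", "total"}} for successful GETs of
    script-like files that were served (not executed) from the upload area."""
    hits = defaultdict(lambda: {"ips": set(), "scripted": 0, "total": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] not in ("200", "206"):
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.startswith(UPLOAD_PREFIX) or not path.lower().endswith(SCRIPT_EXT):
            continue
        rec = hits[path]
        rec["ips"].add(m["ip"])
        rec["total"] += 1
        # No referer plus a non-browser agent suggests an unattended script.
        if m["referer"] in ("", "-") and SCRIPTED_UA.search(m["ua"]):
            rec["scripted"] += 1
    return dict(hits)

def suspicious(hits, min_ips=2):
    """Paths pulled by several distinct hosts, at least half by scripted clients."""
    return sorted(p for p, r in hits.items()
                  if len(r["ips"]) >= min_ips and r["scripted"] * 2 >= r["total"])

# Constructed sample log lines (documentation-range IPs, made-up paths and times).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2012:04:11:02 -0500] "GET /uploads/g00nfish.php HTTP/1.0" 200 5120 "-" "libwww-perl/5.805"',
    '203.0.113.44 - - [10/Mar/2012:04:15:40 -0500] "GET /uploads/g00nfish.php?x=1 HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [10/Mar/2012:09:02:13 -0500] "GET /uploads/photo.jpg HTTP/1.1" 200 20480 "http://example.org/gallery" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.10 - - [10/Mar/2012:09:03:00 -0500] "GET /uploads/notes.txt HTTP/1.1" 200 300 "http://example.org/docs" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    print(suspicious(find_staged_fetches(SAMPLE)))
```

A path that shows up here is a candidate for removal and for a review of how it was uploaded; the distinct client addresses are the hosts that pulled it, not necessarily the uploader.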



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org