Home page logo
/

basics logo Security Basics mailing list archives

Re: There is a strange get request header in all web pages of my site? I'm worry about Trojan attack!
From: charlie () funkymunkey com
Date: Thu, 08 Sep 2011 09:51:42 +0100

Hi,

That's isn't 'a' header, its a whole GET request and response. I'm assuming there is a bit of javascript that appears on every page of your site that makes the browser send this GET request. The best option would be to load up your website in a browser and look through the code or look through the code on the web server and find out where that request is coming from. At least you can be sure that nothing malicious is going on from your website as this request is met by a 404 meaning that the supposed malicious script does not exist.

Charlie

Quoting Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com>:

Hi.
Today I found that Kasper Anti Virus has blocked my site and says to
the clients that this site is affected by a Trojan.
At the other hand I usually surf the Internet using Firefox. But today
I used IE to open my own site. But IE tells me following warning:
This page contains content that will not be delivered using a secure
HTTPS connection...
I traced my site with Fiddler debugging toll and I found that each
time I send a request to the site a get request handler is established
to the following URL:
"http://carlos.c0m.li/iframe.php?id=v4pfa24nw91yhoszkdmoh413ywv6cp7";
I've searched about "carlos.c0m.li" in the internet and I saw in
"Google safe Browsing" something about that host in the following URL:
http://google.com/safebrowsing/diagnostic?site=carlos.c0m.li/
Google says that, that host has a maleware. please look at that report
and suggest a way to remove this bad thing from my site.
I've searched most of my public html directory. but I haven't found
any file that makes following http header. I have no idea. How can I
find that?


----- this is header that fiddler detects for every file that I open in my site:
GET /iframe.php?id=v4pfa24nw91yhoszkdmoh413ywv6cp7 HTTP/1.1
Accept: application/x-ms-application, image/jpeg,
application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64;
Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR
3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: carlos.c0m.li


HTTP/1.1 404 Not Found
Date: Wed, 07 Sep 2011 18:42:02 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 233
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html

 ?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------






-------------------------------------------------------------------------------------------------------------------
This message was sent from the FunkyMunkey mail server (mail.funkymunkey.co.uk) If you have any queries/complaints regarding mail sent from this server please direct them to admin () funkymunkey com



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]