Home page logo

basics logo Security Basics mailing list archives

Re: There is a strange get request header in all web pages of my site? I'm worry about Trojan attack!
From: Henri Salo <henri () nerv fi>
Date: Thu, 8 Sep 2011 19:11:53 +0300

On Thu, Sep 08, 2011 at 09:51:42AM +0100, charlie () funkymunkey com wrote:
That's isn't 'a' header, its a whole GET request and response. I'm
assuming there is a bit of javascript that appears on every page of
your site that makes the browser send this GET request. The best
option would be to load up your website in a browser and look
through the code or look through the code on the web server and find
out where that request is coming from.
At least you can be sure that nothing malicious is going on from
your website as this request is met by a 404 meaning that the
supposed malicious script does not exist.

No he should NOT go there using normal browser. If this is drive-by attack URL might get to be alive and he would get 
infected. At least I suggest him to disable javascript, but that might not help if URL is using other attack vector 
like vulnerability of PDF-reader or browser. I would like to investigate this issue, but I haven't received URL to the 
web-site even I requested it.

Best regards,
Henri Salo

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]