Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Botnet using Plesk vulnerability and takedown
From: kai <kai () rhynn net>
Date: Mon, 10 Jun 2013 02:19:31 +0700

my action supposed to be a counter-measure agains bad guys who could register that domain and host some bad code there. you know that kind of social engineering, right?
- post some fake or real advisory on popular security forum/maillist
- give a link to the "patch"
- ????
- get a lot of roots
i think it will be better to have that link offline - some guys will blindly run your code, then they will find out that it doesn't work and they will get enlightened by reading the code and realizing that they must change the link themselves.

On Sat, 08 Jun 2013 23:50:15 +0700, <jtagtgc () tormail org> wrote:

We put that domain in as example, obviously we not disclose our real
domain. On that domain is the clean.pl script, obvious enough.

Also, thanks to person who register domain, you now have badass domain
name. Perhaps host the clean.pl as final_solution.txt in webroot?

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]