 
Full Disclosure mailing list archives
Re: what is this?
From: "crazy frog crazy frog" <i.m.crazy.frog () gmail com>
Date: Tue, 15 Jan 2008 22:54:45 +0530
nope i dont thnk it has to do with user agent.i have tried with IE,Firefox but nothing.though when u change ip it shows the stuff.so i think its ip based? On Jan 15, 2008 10:52 PM, Gadi Evron <ge () linuxbox org> wrote:
On Tue, 15 Jan 2008, crazy frog crazy frog wrote:nick, ur not getting my point,the url is techicorner.com/{random string here},i have already mentioned it in previous posts. i have read the link sent by denis,and i would have to conclude that: 1)The problem does not occurs always,instead it occurs randomly based on IP or something like tht.In recent kits, it is more likely it is user-agent based.2)if u look at the pages on techicorner.com u will not find any malicious code,so its possible that the server is compromised and its an LKM please refer to these links: http://www.webhostingtalk.com/showthread.php?t=651748 [thanks denis] Thanks again everyone for your valuable suggestion,i posted here to share this stuff with everyone and may be u can learn from it. regards, _CF On Jan 15, 2008 12:15 PM, Nick FitzGerald <nick () virus-l demon co uk> wrote:crazy frog crazy frog wrote:well, i received many response but no one is perfact.i checked the files and didn't find anything embeded in my scripts or pages.still i have to figure out why my antivirus randomly popsup?i mean most of the times it doesnt detect any infection but then suddenly this thing happnes and then everything seems ok. i dont think its a problem with my script otherwise i could have find the code or it should be repeating consistly.has any one still facing this issue in the techicorner.com or on tubeley.com or on secgeeks.com? let me know i m trying hard to digg this issue.If you would tell us the _actual_ URL where this behaviour is being seen we would have a reasonable chance of actually diagnosing it. As it is, we're having to guess based on matching your half-arsed descriptions of what you think is happening with our knowledge of what has been seen going on out there. This may surprise you, but many thousands and thousands of sites are compromised each day to display "similar" activity to what you've asked to us to diagnose (aka "guess"). If we could look at the actual site and see what is really happening should have a better (if not perfect) chance of success. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com
-- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: what is this?, (continued)
- Re: what is this? worried security (Jan 18)
- Re: what is this? Tremaine Lea (Jan 16)
- Re: what is this? scott (Jan 16)
- Re: what is this? reepex (Jan 17)
 
 
 
- Re: what is this? damncon (Jan 16)
- Re: what is this? Valdis . Kletnieks (Jan 17)
 
- Message not available- Re: what is this? crazy frog crazy frog (Jan 14)
- Re: what is this? Nick FitzGerald (Jan 14)
- Re: what is this? crazy frog crazy frog (Jan 15)
- Re: what is this? Gadi Evron (Jan 15)
- Re: what is this? crazy frog crazy frog (Jan 15)
- Re: what is this? worried security (Jan 15)
- Re: what is this? Thomas Pollet (Jan 15)
 
- Re: what is this? Paul Schmehl (Jan 15)
- Re: what is this? Valdis . Kletnieks (Jan 15)
- Re: what is this? worried security (Jan 15)
 


