Our server costs ~$56 per month to run. Please consider donating or becoming a Patron to help keep the site running. Help us gain new members by following us on Twitter and liking our page on Facebook!
Current time: November 20, 2024, 1:04 am

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Mutating code!!
#1
Mutating code!!
Why would this file that exists on my server and only I have access to...

Code:
<HTML>
<HEAD>
<TITLE>The Naughty Corner</TITLE>
</HEAD>

<BODY bgcolor="#999999">

<style type="text/css">

<!--
#modalContainer {
    background-color:transparent;
    position:absolute;
    width:100%;
    height:100%;
    top:0px;
    left:0px;
    z-index:10000;
    background-image:url(tp.png); /* required by MSIE to prevent actions on lower z-index elements */
}

#alertBox {
    position:relative;
    width:367px;
    min-height:150px;
    margin-top:50px;
    border:2px solid #000;
    background-color:#dddddd;
    background-image:url(kyu.jpg);
    background-repeat:no-repeat;
    background-position:4px 50px;
}

#modalContainer > #alertBox {
    position:fixed;
}

#alertBox h1 {

    margin:0;
           height:40px;
           background-image:url(aatitle.gif);
           background-repeat:no-repeat;
           background-position:0px 0px;
    border-bottom:1px solid #000;
    padding:2px 0 2px 5px;
}

#alertBox p {

    font:0.7em verdana,arial;
    height:50px;
    padding-left:5px;
    margin-left:80px;
}



#alertBox #closeBtn {

    display:block;
    position:relative;
    margin:5px auto;
    padding:3px;
    border:1px solid #000;
    width:70px;
    font:0.7em verdana,arial;
    text-transform:uppercase;
    text-align:center;
    color:#FFF;
    background-color:#78919B;
    text-decoration:none;
}

-->

</style>

<script type="text/javascript" src="customAlertBox.js"></script>
<script language="JavaScript">

<!--

...And it goes on for a while...

Suddenly and without any help from me, turn into this..

Code:
DPbBfs  <a href="http://jrxiihmawjrm.com/">jrxiihmawjrm</a>, [url=http://cmzsqilvjtqw.com/]cmzsqilvjtqw[/url], [link=http://jyowdcuweyje.com/]jyowdcuweyje[/link], http://oamsptprmgbq.com/

I did a google check on dpbbfs and found one other site with a comment in its guestbook that looked exactly the same Dodgy
[Image: cinjin_banner_border.jpg]
Reply
#2
RE: Mutating code!!
(February 20, 2010 at 3:52 pm)Darwinian Wrote: Why would this file that exists on my server and only I have access to...
...Suddenly and without any help from me, turn into this..

Code:
DPbBfs  <a href="http://jrxiihmawjrm.com/">jrxiihmawjrm</a>, [url=http://cmzsqilvjtqw.com/]cmzsqilvjtqw[/url], [link=http://jyowdcuweyje.com/]jyowdcuweyje[/link], http://oamsptprmgbq.com/

I did a google check on dpbbfs and found one other site with a comment in its guestbook that looked exactly the same Dodgy
The only thing I've noticed out of the ordinary is that you're still using <script language="JavaScript">, there's no attribute "language" as it is now deprecated.

Its been outdated for a while now, said attributes were kept around for backward browser compatibility, but I rarely see them nowadays so I'm assuming they've been dropped together with some elements too. Not to mention the self-proclaimed Linux boffins I knew at college regarded it as poor coding practice.

Code:
</style>

<script type="text/javascript" src="customAlertBox.js"></script>
<script language="JavaScript">

<!--

...And it goes on for a while...
I would try just sticking with <script type="text/javascript"> and drop the second line to see if there's any improvement. :]
Reply
#3
RE: Mutating code!!
But that wouldn't actually change the file would it?
[Image: cinjin_banner_border.jpg]
Reply
#4
RE: Mutating code!!
Does the file change immediately/ is it manipulated externally do you think?
Reply
#5
RE: Mutating code!!
Don't know. It's only happened the once to my knowledge but it's still wierd. It's a bit like uploading a picture of your family called family.jpg and then comming back a while later to discover that the same file now shows a picture of a squid :S
[Image: cinjin_banner_border.jpg]
Reply
#6
RE: Mutating code!!
Is it possible the server was hacked?
Reply
#7
RE: Mutating code!!
Possibly, but why just change one obscure file to something like that? Makes no sense :S
[Image: cinjin_banner_border.jpg]
Reply
#8
RE: Mutating code!!
Permissions on it? Maybe an indicator of something more going on?
Reply
#9
RE: Mutating code!!
Perhaps that file was changed by a virus or hacker of some sort in order to serve some purpose such as a backdoor or something with the hopes that you would not notice just that obscure file.
Has anyone really been far even as decided to use even go want to do look more like?

"Giving money and power to government is like giving whiskey and car keys to teenage boys" - P.J. O'Rourke

"Being powerful is like being a lady. If you have to tell people you are, you aren't." - Margaret Thatcher

"Nothing succeeds like the appearance of success." - Christopher Lasch

Reply
#10
RE: Mutating code!!
The problem with that suggestion is that (a) the replacement isn't an executable file (i.e. it doesn't do anything, so a backdoor is impossible), and (b) in order to replace the file in the first place, the virus / hacker would have to have access to the system, which means there isn't any need for a backdoor.

I also assume this is a Linux server? If so, the chances of it being a virus are non-existent, and the chances of it being some sort of file execution is also unlikely. The only real explanation is that you had some externally accessible script that someone exploited...whether intentionally or not.
Reply



Possibly Related Threads...
Thread Author Replies Views Last Post
  Code Blue... Gawdzilla Sama 14 1456 October 27, 2017 at 5:57 pm
Last Post: Gawdzilla Sama
  Adjustments to the penal code. Gawdzilla Sama 6 1029 October 19, 2017 at 3:02 pm
Last Post: Gawdzilla Sama
  Code Words/Phrases brewer 21 3339 July 5, 2016 at 10:19 pm
Last Post: Losty
  new dress code at work mostlysilent 13 3950 September 23, 2013 at 7:21 am
Last Post: mostlysilent



Users browsing this thread: 1 Guest(s)