[nycphp-talk] worm/virus's hammering feedback scripts?
Rolan Yang
rolan at omnistep.com
Sun Sep 11 15:57:35 EDT 2005
Thanks everyone for your help. I checked my web logs and it does indeed
appear that the script was exploitable. Lucky for me, the only
unauthorized email was sent to "jrubin3546 at aol.com" That email appears
to be a probe used by the spambot to verify exploitable websites. I
would imagine the hacker wrote some sort of script that queried google
for "contactphp" or "feedback.php", harvested the results into a list
which was then sent out to a botnet to probe for vulnerable scripts and
collect the results via a list of free aol accounts. Do a search for the
email above on google and you will find thousands of results. Many of
them are the results in blog/feedback pages in which attempts have been
made to hack them.
There should be a large warning put out about this (perhaps I missed the
bulletin?). I have not seen any spam being sent out from my servers, but
I'm sure in time the hacker/spammer will do so.
~Rolan
More information about the talk
mailing list