[En-Nut-Discussion] www.ethernut.de hacked
Harald Kipp
harald.kipp at egnite.de
Wed Oct 20 14:57:19 CEST 2010
On 20.10.2010 10:24, uprinz2 at netscape.net wrote:
> Ok, the wiki is still down :(
Yesterday the attacking host
66-214-241-168.dhcp.gldl.ca.charter.com [66.214.241.168]
logged in via ftp, transferred a few files and disconnected within 1
minute. The logs showed no previously successful brute force attack. I
assume that the attacker retrieved the password using a different
method. Actually one of our company PCs had been infected some weeks ago.

The attacker placed an iframe and a refresh tag to
eftpsidXXXXXXX.ru/contacts/s3
(XXXXXXX is a varying decimal number)
in several existing and new html files. The new files were named
red.html, red1.html and so on.

After removing the modifications, changing the password and shutting
down ftp access, ethernut.de is up and running again.

Regards,
Harald
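
A defender-side check for the symptoms described in this message, as an added example that is not part of the original post: it flags files named like red.html or red1.html and any iframe or meta refresh whose target host is off-site. The ALLOWED_HOSTS set, the sample pages and the injected.example.invalid host are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site may legitimately frame or redirect to.
ALLOWED_HOSTS = {"ethernut.de", "www.ethernut.de"}
# File names reported in the message: red.html, red1.html and so on.
DROPPED_NAME = re.compile(r"red\d*\.html", re.I)
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)

class RedirectFinder(HTMLParser):
    """Collects targets of <iframe src=...> and <meta http-equiv=refresh>."""
    def __init__(self):
        super().__init__()
        self.targets = []  # list of (kind, url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe" and a.get("src"):
            self.targets.append(("iframe", a["src"].strip()))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(a.get("content", ""))
            if m:
                self.targets.append(("meta-refresh", m.group(1)))

def scan_html(path, text):
    """Return findings for one file: suspicious name or off-site targets."""
    findings = []
    if DROPPED_NAME.fullmatch(path.rsplit("/", 1)[-1]):
        findings.append(("dropped-file-name", path))
    finder = RedirectFinder()
    finder.feed(text)
    for kind, url in finder.targets:
        host = urlparse(url).hostname  # None for site-relative URLs
        if host and host not in ALLOWED_HOSTS:
            findings.append((kind, url))
    return findings

# Constructed sample pages; injected.example.invalid is a placeholder host.
BAD = "http://injected.example.invalid/contacts/s3"
SAMPLES = {
    "index.html": f'<head><meta http-equiv="Refresh" content="0; URL={BAD}">'
                  f'</head><body><iframe src="{BAD}" width="1"></iframe></body>',
    "red1.html": "<html><body>constructed</body></html>",
    "docs/api.html": '<body><iframe src="/local/frame.html"></iframe></body>',
}

if __name__ == "__main__":
    for path, text in SAMPLES.items():
        print(path, scan_html(path, text))
```

Run against a copy of the web root, any finding in a file that was clean in the last known-good backup marks that file for restoration.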