I fire up an HTTP debugging proxy so I can inspect the raw traffic, and reload the page
- Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
- Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
test please delete
Collapse
This is a sticky topic.
X
X
Collapse
-
-
A plethora of illicit requests lead me to a page, hidden in an iframe, which embeds further iframes, which ultimately lead to a page which shows pictures of young ladies in compromising (and rather uncomfortable) positions with their gentlemen friends, and also attempts to download large amounts of malware
(Good thing I use a Mac )Comment
-
But although I am safe, others less fortunate (i.e. Windows users) who visit my site - my site - are at risk from this garbage
Looks like I'm not going straight back to bedComment
-
First things first.
I fire up my FTP client and download a complete copy of the server contents.
I add this to a new project in Eclipse, and search for the topmost dodgy domain name that load all of the others.
Not foundComment
-
Time to examine the database.
I download a backup of the database, then use the admin tool to examine the relevant post.
BINGO! The <p><iframe src="..." width=1 height=1></p> is at the bottom of the actual post text in the database...Comment
-
-
-
The database tells me when the post was last modified: 10 November... two weeks ago come Saturday.
I download the web server logs...Comment
-
There, at around the right time (allowing a second or two here and there for Apache and mySQL having slightly different ideas about the exact time) is what I'm looking for: an HTTP POST to /wp-admin/post.php?action=editComment
-
Further examination shows that the evil one who has done this has, apparently, browsed to my site's admin login page, logged in first time, edited the post, and saved the changes
All this using Opera 9 with a default language setting of "ru"... this is the HTTP equivalent of having snow on your bootsComment
- Home
- News & Features
- First Timers
- IR35 / S660 / BN66
- Employee Benefit Trusts
- Agency Workers Regulations
- MSC Legislation
- Limited Companies
- Dividends
- Umbrella Company
- VAT / Flat Rate VAT
- Job News & Guides
- Money News & Guides
- Guide to Contracts
- Successful Contracting
- Contracting Overseas
- Contractor Calculators
- MVL
- Contractor Expenses
Advertisers
Contractor Services
CUK News
- An IR35 bill of £19m for National Resources Wales may be just the tip of its iceberg Nov 7 09:20
- Micro-entity accounts: Overview, and how to file with HMRC Nov 6 09:27
- Will HMRC’s 9% interest rate bully you into submission? Nov 5 09:10
- Business Account with ANNA Money Nov 1 15:51
- Autumn Budget 2024: Reeves raids contractor take-home pay Oct 31 14:11
- How Autumn Budget 2024 affects homes, property and mortgages Oct 31 09:23
- Autumn Budget 2024: Reeves raids contractor take-home pay Oct 31 09:20
- Autumn Budget 2024: Umbrella companies hit, Employer NICs hiked, and BADR heading for 18% Oct 30 16:54
- Autumn Budget 2024: chancellor’s full speech Oct 30 16:34
- RecExpo got told this about Labour’s Employment Rights Bill… Oct 30 09:10
Comment