I fire up an HTTP debugging proxy so I can inspect the raw traffic, and reload the page
- Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
- Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
test please delete
Collapse
This is a sticky topic.
X
X
Collapse
-
-
A plethora of illicit requests lead me to a page, hidden in an iframe, which embeds further iframes, which ultimately lead to a page which shows pictures of young ladies in compromising (and rather uncomfortable) positions with their gentlemen friends, and also attempts to download large amounts of malware
(Good thing I use a Mac )Comment
-
But although I am safe, others less fortunate (i.e. Windows users) who visit my site - my site - are at risk from this garbage
Looks like I'm not going straight back to bedComment
-
First things first.
I fire up my FTP client and download a complete copy of the server contents.
I add this to a new project in Eclipse, and search for the topmost dodgy domain name that load all of the others.
Not foundComment
-
Time to examine the database.
I download a backup of the database, then use the admin tool to examine the relevant post.
BINGO! The <p><iframe src="..." width=1 height=1></p> is at the bottom of the actual post text in the database...Comment
-
-
-
The database tells me when the post was last modified: 10 November... two weeks ago come Saturday.
I download the web server logs...Comment
-
There, at around the right time (allowing a second or two here and there for Apache and mySQL having slightly different ideas about the exact time) is what I'm looking for: an HTTP POST to /wp-admin/post.php?action=editComment
-
Further examination shows that the evil one who has done this has, apparently, browsed to my site's admin login page, logged in first time, edited the post, and saved the changes
All this using Opera 9 with a default language setting of "ru"... this is the HTTP equivalent of having snow on your bootsComment
- Home
- News & Features
- First Timers
- IR35 / S660 / BN66
- Employee Benefit Trusts
- Agency Workers Regulations
- MSC Legislation
- Limited Companies
- Dividends
- Umbrella Company
- VAT / Flat Rate VAT
- Job News & Guides
- Money News & Guides
- Guide to Contracts
- Successful Contracting
- Contracting Overseas
- Contractor Calculators
- MVL
- Contractor Expenses
Advertisers
Contractor Services
CUK News
- When HMRC misses an FTT deadline but still wins another CJRS case Today 09:20
- How 15% employer NICs will sting the umbrella company market Yesterday 09:16
- Contracting Awards 2024 hails 19 firms as best of the best Nov 18 09:13
- How to answer at interview, ‘What’s your greatest weakness?’ Nov 14 09:59
- Business Asset Disposal Relief changes in April 2025: Q&A Nov 13 09:37
- How debt transfer rules will hit umbrella companies in 2026 Nov 12 09:28
- IT contractor demand floundering despite Autumn Budget 2024 Nov 11 09:30
- An IR35 bill of £19m for National Resources Wales may be just the tip of its iceberg Nov 7 09:20
- Micro-entity accounts: Overview, and how to file with HMRC Nov 6 09:27
- Will HMRC’s 9% interest rate bully you into submission? Nov 5 09:10
Comment