Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 19 Jun 2013, 04:57
All times are UTC - 4

 Forum index » Off-Topic Area » Security
SQLinjection attacks are at it again since March 2011.
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
nooby

Joined: 29 Jun 2008
Posts: 9477
Location: SwedenEurope
PostPosted: Sat 02 Apr 2011, 15:44    Post_subject:  SQLinjection attacks are at it again since March 2011.  
I read it now at BBC. Many many sites the whole world over.

Puppy where attacked way back in time so not sure if they are better at it now.
http://www.murga-linux.com/puppy/viewtopic.php?t=25382
Jan 2008

BBC says
Quote:
Hundreds of thousands of websites appear to have been compromised by a massive cyber attack.

The hi-tech criminals used a well-known attack vector that exploits security loopholes on other sites to insert a link to their website.

Those visiting the criminals' webpage were told that their machines were infected with many different viruses.

Swift action by security researchers has managed to get the sites offering the sham software shut down.
Code control

Security firm Websense has been tracking the attack since it started on 29 March. The initial count of compromised sites was 28,000 sites but this has grown to encompass many times this number as the attack has rolled on.

Websense dubbed it the Lizamoon attack because that was the name of the first domain to which victims were re-directed. The fake software is called the Windows Stability Center.

The re-directions were carried out by what is known as an SQL injection attack. This succeeded because many servers keeping websites running do not filter the text being sent to them by web applications.

http://www.bbc.co.uk/news/technology-12933053

So maybe it is wise to look if same loop holes are still possible as the BBC talks about.
_________________

I'm a noob so I use Google Search of Puppy Forum
Back to top
View user's profile Send_private_message 
russoodle


Joined: 12 Sep 2008
Posts: 603
Location: Down-Under in South Oz
PostPosted: Sun 03 Apr 2011, 08:46    Post_subject:  
Hi Nooby Smile

That's interesting, because only a day or two ago i saw that Lizamoon domain in my server logs....there've been several attempts over the past few months to inject what i believe is poisonous code into my site, but i don't use PHP or SQL, so the crackpots take their bat and ball and go away....so far Rolling Eyes
_________________
Every time i hear the word, "exercise", i wash my mouth out with chocolate Cool
http://www.puppylinuxstuff.meownplanet.net/
Puppy Linux Links
Back to top
View user's profile Send_private_message Visit_website 
nooby

Joined: 29 Jun 2008
Posts: 9477
Location: SwedenEurope
PostPosted: Sun 03 Apr 2011, 12:15    Post_subject:  
Yes they started the injection attacks some five or more days ago so the automatic programs may still be running and searching for more sites to inject it to and in three days they had reached some 100,000 sites but as I remember the text says that the owner of the big servers DNS? servers. I guess there are some 11 such that is the most important them kind of shut down the sites that the code linked to so hopefully the malicious code will do not harm?

But I know too little. I only wanted to share that they are at it again and last time 2008 Barry did get affected. This time not so AFAIK.
_________________

I'm a noob so I use Google Search of Puppy Forum
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  


Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

[ Time: 0.0446s ][ Queries: 11 (0.0043s) ][ GZIP on ]