[Nottingham] A Google Webmaster Scam?

Rich Lovely roadierich at googlemail.com
Thu Dec 20 11:21:20 UTC 2012

On 20 December 2012 09:11, Jason Irwin <jasonirwin73 at gmail.com> wrote:

> On 20/12/12 00:22, Martin wrote:
>> Comments and observations welcomed. Sorry for any problems caused by the
>> scumbag infiltrators.
> I would try and identify the payload (it's probably a known
> Wordpress/Apache/PHP/Whatver exploit).  That would hopefully give you more
> clues on how they got in, what to look for and how to prevent it in the
> future.
> "auth.php" sounds like some kind of log-in page.  So did someone upload
> that, navigate to it and then use it to break open the site?
> --
> Jason Irwin
> ______________________________**_________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/**mailman/listinfo/nottingham<https://mailman.lug.org.uk/mailman/listinfo/nottingham>

Sounds like a case for some carefully sandboxed testing... Care to
post the offending file for analysis?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20121220/9aa6158c/attachment-0001.html>

More information about the Nottingham mailing list