Hacked by Tugr@

Discussion in 'ProcessGuard' started by johncesta, Jan 4, 2005.

Thread Status:
Not open for further replies.
  1. johncesta

    johncesta Registered Member

    May 20, 2004
    Has anyone heard fo this one? What they do is to copy:

    index.php .cfm .htm .html .asp
    default.php .cfm .htm .html .asp

    to the root folder of every web site.

    I can't find much on it on the web. I thought I had figured it to be an old servu ftp server hack so I upgraded about 3 weeks ago but today upon reboot it happened again.

    Is this something that processgaurd could find running?


    John Cesta
  2. Pilli

    Pilli Registered Member

    Feb 13, 2002
    Hampshire UK
    Hi John, Not unless it requires a .exe to do it. ProcessGuard protects running processes from change, injection and closure and alerts on .exe's starting or when they are changed.
    It sounds like what you describe is a scripting exploit?

  3. heapmiller

    heapmiller Guest

    Where you able to find the hole and get the server back up and running clean?

    It seems we may have been hit with a similar hack, trying to figure out where and what is creating the files.

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.