Attack

Russian Hacker Group? SoakSoak.ru malicious site & code injections

SoakSoak will serve pages that attempt to infiltrate your users' computers, stealing their data!

Last week, WordPress sites worldwide were hacked with the following simple request:

http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

Let's not go into details here and now, but if you have an old version of the "Revolution Slider" plugin installed, you had better grep around for the following string:


Drupal Sites Hacked Worldwide in October 2014

Security Exploit revealed in October allows total control of YOUR Drupal site

In mid-October, Drupal announced a serious defect in the Database Abstraction Layer that allows guest users to gain full access to a site and server. The security notice can be found in the FAQ on SA-CORE-2014-005 on the Drupal website.

This exploit creates the ability for attackers to place their own PHP files on your server for remote execution, or to inject their own code into pre-existing files.

Ways to detect a breached system - and steps to remediate:


Look for files with a datestamp in October 2014

If you didn't upload any new versions or modules in October 2014, there should be no PHP or include files with these datestamps. Use the Linux `find` command to find files last edited on or after October 1st, 2014, and then check those files.

Locate files with PCT4BA6ODSE_ in them
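
The two checks above combined into one triage script, as an added example that is not part of the original post. The function names, the list of file extensions and the sample tree are assumptions made for illustration; the marker string and the date come from the text above.

```shell
#!/bin/sh
# Added example: triage helpers for a Drupal docroot after SA-CORE-2014-005.
# Assumes GNU or BSD find (for -newermt) and GNU or BSD grep (for -r and -I).

# recent_code_files DIR [SINCE]
# Lists executable-PHP files modified after SINCE (midnight local time).
# The extension list is an assumption; extend it to match your site.
recent_code_files() {
    dir=$1
    since=${2:-2014-10-01}
    find "$dir" -type f \
        \( -name '*.php' -o -name '*.inc' -o -name '*.module' \
           -o -name '*.install' -o -name '*.engine' \) \
        -newermt "$since" -print | sort
}

# files_with_marker DIR [MARKER]
# Lists every text file containing MARKER, whatever its extension or date.
# A modification time can be reset by whoever wrote the file, so this
# search deliberately does not depend on the date filter above.
files_with_marker() {
    dir=$1
    marker=${2:-PCT4BA6ODSE_}
    # -r recurse, -l file names only, -I skip binaries, -F fixed string
    grep -rlIF -- "$marker" "$dir" 2>/dev/null | sort
}

# make_sample_tree
# Builds a constructed directory tree (not real site data) for a dry run
# and prints its path: one old clean file, one file dated October 2014,
# and one old-dated file that carries the marker string.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/modules/x" "$t/sites/default/files"
    echo '<?php // old core file' > "$t/index.php"
    touch -t 201405010000 "$t/index.php"
    echo '<?php // file dated after the announcement' > "$t/modules/x/new.php"
    touch -t 201410160000 "$t/modules/x/new.php"
    echo '<?php $x = "PCT4BA6ODSE_";' > "$t/sites/default/files/old.inc"
    touch -t 201401010000 "$t/sites/default/files/old.inc"
    echo "$t"
}
```

Source the script and call `recent_code_files` and `files_with_marker` with the path to your Drupal root; any file either one reports should be compared against a known-good copy of the same core or module release.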
