[AusNOG] Web Injection

Damien Gardner Jnr rendrag at rendrag.net
Tue Jul 8 12:20:53 EST 2014


You'll likely find it's in a .htaccess rewriting via a php file.  Had a few
customer sites with that happen.  Tends to set a cookie, so you'll only see
it on first visit.  Or in a few cases, ONLY web crawlers will see it.  So
visitors will never see it, but google crawler sure will!


On 8 July 2014 12:10, Zone Networks - Joel <joel at zonenetworks.com.au> wrote:

> If you are not seeing the injection in the physical file and modified date
> is pretty old..
>
>
>
> Than sounds like Apache level injection..  you wont see the injection in
> the code as its done at the web server level
>
>
>
>
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Cameron
> Murray
> *Sent:* Tuesday, 8 July 2014 12:03 PM
> *To:* ausnog at ausnog.net
> *Subject:* [AusNOG] Web Injection
>
>
>
> Guys,
>
>
>
> Thought I'd post here to see if anyone else is seeing the injection at the
> very bottom of this site.
>
>
>
> www.jamboree.com.au
>
>
>
> We've tested it from various subnets of ours and some show the injection
> while others don't.
>
>
>
> If you see it we'd be keen to see the path your going and if its via
> peering etc.
>
>
>
> Cheers
>
>
>
> Cameron
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>


-- 

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net -  http://www.rendrag.net/
--
We rode on the winds of the rising storm,
 We ran to the sounds of thunder.
We danced among the lightning bolts,
 and tore the world asunder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140708/a14feabb/attachment.html>


More information about the AusNOG mailing list