<div dir="ltr">We thought that so fired up the phone on the company wifi and browsed and saw the Injection then disabled the wifi and tested on 4g and refreshed the browser and it was gone.</div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Tue, Jul 8, 2014 at 12:20 PM, Damien Gardner Jnr <span dir="ltr"><<a href="mailto:rendrag@rendrag.net" target="_blank">rendrag@rendrag.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">You'll likely find it's in a .htaccess rewriting via a php file. Had a few customer sites with that happen. Tends to set a cookie, so you'll only see it on first visit. Or in a few cases, ONLY web crawlers will see it. So visitors will never see it, but google crawler sure will!</div>
<div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On 8 July 2014 12:10, Zone Networks - Joel <span dir="ltr"><<a href="mailto:joel@zonenetworks.com.au" target="_blank">joel@zonenetworks.com.au</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div lang="EN-AU" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">If you are not seeing the injection in the physical file and modified date is pretty old..<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Than sounds like Apache level injection.. you wont see the injection in the code as its done at the web server level<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf Of </b>Cameron Murray<br>
<b>Sent:</b> Tuesday, 8 July 2014 12:03 PM<br><b>To:</b> <a href="mailto:ausnog@ausnog.net" target="_blank">ausnog@ausnog.net</a><br><b>Subject:</b> [AusNOG] Web Injection<u></u><u></u></span></p><div><div><p class="MsoNormal">
<u></u> <u></u></p><div><p class="MsoNormal">Guys,<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Thought I'd post here to see if anyone else is seeing the injection at the very bottom of this site.<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><a href="http://www.jamboree.com.au" target="_blank">www.jamboree.com.au</a><u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p>
</div><div><p class="MsoNormal">We've tested it from various subnets of ours and some show the injection while others don't.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">
If you see it we'd be keen to see the path your going and if its via peering etc.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Cheers<u></u><u></u></p></div><div>
<p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Cameron<u></u><u></u></p></div></div></div></div></div></div><br></div></div><div class="">_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></div></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<p>Damien Gardner Jnr<br>VK2TDG. Dip EE. GradIEAust<br><a href="mailto:rendrag@rendrag.net" target="_blank">rendrag@rendrag.net</a> - <span><a href="http://www.rendrag.net/" target="_blank">http://www.rendrag.net/</a><u><br>
</u></span>--<br>We rode on the winds of the rising storm,<br> We ran to the sounds of thunder.<br>We danced among the lightning bolts,<br> and tore the world asunder</p></div>
</font></span></div>
</blockquote></div><br></div>