[AusNOG] Web Injection

Cameron Murray cameron.murray at gmail.com
Tue Jul 8 12:22:18 EST 2014


We thought that so fired up the phone on the company wifi and browsed and
saw the Injection then disabled the wifi and tested on 4g and refreshed the
browser and it was gone.


On Tue, Jul 8, 2014 at 12:20 PM, Damien Gardner Jnr <rendrag at rendrag.net>
wrote:

> You'll likely find it's in a .htaccess rewriting via a php file.  Had a
> few customer sites with that happen.  Tends to set a cookie, so you'll only
> see it on first visit.  Or in a few cases, ONLY web crawlers will see it.
>  So visitors will never see it, but google crawler sure will!
>
>
> On 8 July 2014 12:10, Zone Networks - Joel <joel at zonenetworks.com.au>
> wrote:
>
>> If you are not seeing the injection in the physical file and modified
>> date is pretty old..
>>
>>
>>
>> Than sounds like Apache level injection..  you wont see the injection in
>> the code as its done at the web server level
>>
>>
>>
>>
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Cameron
>> Murray
>> *Sent:* Tuesday, 8 July 2014 12:03 PM
>> *To:* ausnog at ausnog.net
>> *Subject:* [AusNOG] Web Injection
>>
>>
>>
>> Guys,
>>
>>
>>
>> Thought I'd post here to see if anyone else is seeing the injection at
>> the very bottom of this site.
>>
>>
>>
>> www.jamboree.com.au
>>
>>
>>
>> We've tested it from various subnets of ours and some show the injection
>> while others don't.
>>
>>
>>
>> If you see it we'd be keen to see the path your going and if its via
>> peering etc.
>>
>>
>>
>> Cheers
>>
>>
>>
>> Cameron
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
>
> --
>
> Damien Gardner Jnr
> VK2TDG. Dip EE. GradIEAust
> rendrag at rendrag.net -  http://www.rendrag.net/
> --
> We rode on the winds of the rising storm,
>  We ran to the sounds of thunder.
> We danced among the lightning bolts,
>  and tore the world asunder
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140708/20ab4cf1/attachment.html>


More information about the AusNOG mailing list