Note: The Rootsweb Mailing Lists will be shut down on April 6, 2023.
RootsWeb.com Mailing Lists
    1. Re: [STATE-COORD] REINFECTION
    2. Jan Cortez
    3. I think the best solution is to get off their server. I've already moved both of my sites and know of quite a few others that are going as well. All I want is a pw for now for a redirect, so it won't be long that the only one there will be the National website holding the bag. <sigh> They can talk all they want about other hosts, but, I'm not seeing it. All I keep seeing is IX Web Hosting. Same problem, same server, over and over and that sure tells me something.

       Something rotten there.

       Jan

       ----- Original Message -----
       From: <[email protected]>

       > Might not be part of the solution, just throwing out something I found. If you hate technical reading then delete this now.
       >
       > For those that know about servers and programming, I found a technical article that was interesting.
       > Run a google search on
       > CGI Vulnerabilities
       > First link should be a four page article by Aleksandar Stancin - for Help Net Security
       >
       > Page 3 had "By using a cgi scanner you can safely find out by yourself for any insecure CGI's on your system."
       >
       > Back to page 2, "In order for an attacker to find an vulnerable CGI, all he has to do is to connect to port 80 and repeatedly send a GET request to CGI's on the server or suspecting they are on the server. Simply by checking your logs for repeated GET requests from a single remote host resulting in a 404, the 'file not found' error can give you an idea that something wicked is going on. As time passes, that same attacker may come up with an unsecure CGI on your system. If that is the case, he'll most probably try to exploit the vulnerability."
       >
       > Maybe something the hosting companies need to glance at.
       > Michael Andrews, ASC Minnesota

    10/21/2009 10:43:41
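
The log check quoted from the Help Net Security article in the message above (repeated GET requests from one remote host that end in 404), as an added example that is not part of the original thread. It assumes Apache common log format; the threshold, the CGI path heuristic, the addresses and the script names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/NCSA common log format:
#   host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def looks_like_cgi(path):
    """Heuristic (assumption): under /cgi-bin/ or a CGI-style extension."""
    p = path.split("?", 1)[0].lower()
    return p.startswith("/cgi-bin/") or p.endswith((".cgi", ".pl"))

def find_cgi_probers(lines, threshold=5):
    """Flag hosts whose GETs hit 404 on >= threshold distinct CGI paths.

    For each flagged host, also list CGI paths that did NOT return 404:
    those are the scripts the same host actually reached and the first
    ones to review and patch.
    """
    misses, found = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or not looks_like_cgi(m["path"]):
            continue  # malformed line, other method, or not a CGI path
        path = m["path"].split("?", 1)[0]
        (misses if m["status"] == "404" else found)[m["host"]].add(path)
    return {
        host: {"missing": sorted(paths), "answered": sorted(found[host])}
        for host, paths in misses.items() if len(paths) >= threshold
    }

# Constructed sample log: one host walking a list of script names,
# and one ordinary visitor who follows a single stale link.
SAMPLE_LOG = [
    f'192.0.2.10 - - [21/Oct/2009:10:01:{i:02d} -0500] '
    f'"GET /cgi-bin/probe{i}.cgi HTTP/1.0" 404 209'
    for i in range(6)
] + [
    '192.0.2.10 - - [21/Oct/2009:10:01:09 -0500] "GET /cgi-bin/guestbook.cgi?x=1 HTTP/1.0" 200 512',
    '198.51.100.7 - - [21/Oct/2009:10:02:00 -0500] "GET /index.html HTTP/1.1" 200 4096',
    '198.51.100.7 - - [21/Oct/2009:10:02:05 -0500] "GET /cgi-bin/old-counter.cgi HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for host, info in find_cgi_probers(SAMPLE_LOG).items():
        print(host, "404s:", len(info["missing"]), "reached:", info["answered"])
```

Counting distinct paths rather than raw 404s keeps a visitor who reloads one broken link from being flagged.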
    1. Re: [STATE-COORD] REINFECTION
    2. Joy Fisher
    3. Not quite true, Jan. We are the problem, not IX. If you move infected files to another server, you are just infecting another server. Someone (or maybe many someones) has a trojan on his/her personal computer which is transmitting to the hacker the userid and pw when he/she uploads files. New userids and pws can be reissued ad infinitum, but until the underlying problem is found and cleaned, you will be bailing out a leaky row boat.

    10/22/2009 05:47:38
    1. Re: [STATE-COORD] REINFECTION
    2. Jan Cortez
    3. So, in other words, what you are saying is that regardless of whether I have gone thru every one of my files that was on IX and made sure they were all clean, and I have virus and malware scanned my computer numerous times, that I should leave those infected sites on IX Web Hosting, ad infinitum? Keep the patrons coming back for another dose of this same infection? To be quite honest with you, four times is enough. Personally, and I am not a computer expert, I do think that there is something wrong there at IX that they can't clean this out and identify where the problem is. But, then again, what do I know?

       Jan

    10/22/2009 09:04:39