Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 9 July 2009 and back in exploits

DNS-BH has reported that and are back doing exploits folks. This would be a great time to go through your sites codes and check you're properly filtering user input/querystrings etc, and of course, changing FTP etc passwords frequently is always a good idea (though you must ensure the machine you do this from is clean as it's going to be a waste of time if it's infected with for example, a keylogger).

Ref: is currently returning according to OpenDNS, even after a cache check, but was previously at (NEVAL - AS49314), which is hosting all sorts of malicious goodness;


My friend from DNS-BH pointed out that Google's diagnostics last visited today and last found malware today;

I've got it on monitoring, so I'll know when it starts resolving properly again. I've checked with the guys from OpenDNS, and the domain's name servers are returning, so it looks like they're trying to evade something .... they'll be back (again), they always are.

No comments: