So earlier today I noticed a discrepancy in traffic to question-defense.com, and because of a previous incident I knew exactly where to look. Sure enough, a similar attack had been performed, which we are coining Search Engine Click Jacking. In this case we are sure that a single file's permissions were left open and the attackers were able to write PHP into the file, which caused traffic being referred to our site from many of the major search engines to be redirected to tenderloin.osa.pl. Our site is built using WordPress; however, any site built in PHP with incorrect permissions on any files is vulnerable to this type of attack. Below is more information about the attack, how to search for the attack, and a simple bash script that will remove the infected code from PHP files on your web site.

Tags: attack, base64, base64_decode, base64_encode, bash, click jacking, curl, decode, encode, eval, permissions, PHP, referer, referrer, search engine click jacking, sed, spoofy, tenderloin.osa.pl, vulnerability, WordPress
Posts Tagged “referrer”
Oct 03 2011
Most of the logging options for LiteSpeed web server are very basic and general; however, I wanted to detail them to help others make educated decisions when it comes to the logging configuration. There is one option I use outside of the normal log configurations, which is configured in a tab other than the log tab under server configuration. Below I will explain all of the configuration options and provide examples of what I recommend for LiteSpeed.

The very first thing I do when configuring a new server is to modify the “Disable Initial Log Rotation” option from “Not Set” to “Yes”. The purpose of this option is to make the lsws log file directory a bit more manageable. The Disable Initial Log Rotation option will stop the error.log file from being rotated every time the server is restarted. If you are on a development server, this might happen numerous times a day, thus creating a mess in your log directory. Instead, I only rotate the error.log file based on size, as described in detail below.

Tags: access log, apache, error log, format, headers, Litespeed, logging, logs, lsws, referrer, rotation, stderr, useragent