On Sat, 6 Oct 2007, Matthew Miller wrote:
On Sat, Oct 06, 2007 at 12:30:18AM -0500, Arthur Pemberton wrote:
Because it's generally pretty easy to tell the operating system a given web
site is running on. Note that they're talking about *phishing sites*, not
the sites from which phishing spam or whatever originates.
The question still stands.... how do they know the attacks are from a
_rooted_ linux box? You don't need root to put put a phishing site,
esp. on a shared host.
Fair enough. They're just using that term incorrectly.
It would certainly be at least a hijacked host account
I have had about 4 over the past 5 years, each time it was only affecting
one domain because of the server perms, but it didnt matter, they used
either php nuke, or a picture gallery package each time, they simply
created a normal sounding subdir that was pointed to under that host, so
the host genuine owner logged into ftp, he would probably see the dir but
think nothing of it.
No mater how secure the server, there will always be one idiot who will
install some script that will get them hijacked.
--
Cheers
Res
Slackware -V- sloooUbuntoooou
http://lxer.com/module/newswire/view/93393/