WARNING CyberSpy5.ASP

[bolt]

Keep a look out for CyberSpy5.ASP on all your sites. I have found its a hacking file and can inform hackers of your dir and can be used to upload to your site.

 

[Stephen]

Not exactly sure why this is here, but if you have any asp scripts with WebWizGuide or others that allow uploading from admin or pictures, make sure you have it locked down to just certain filetypes, and not everything.

Edit: Moved to microsoft development

 

[bolt]

I did this to help warn others. I have locked down all asp uploading scripts fro only the files I need to upload so I dont know how this got onto the server.

 

[Stephen]

Thanks,

Can you send me a PM with your domain?

Edit: I just found your ticket, it seems someone may have found a way to upload to the folder with your script, I am checking it out now.

 

[bolt]

Thanks,

Can you send me a PM with your domain?

Edit: I just found your ticket, it seems someone may have found a way to upload to the folder with your script, I am checking it out now.

You informed that un-protected or upload all type of scripts may be how the file got on the sever. I think I found a script that was not protected hidden in a one of the folders. I have changed this. I can only hope this has helped

Hands up its down to my side how it got there

My domain is www.welshlens.co.uk

Thank you for all your help.

 

[Emagine]

slightly off topic but in Hsphere at jodo level or at ours is there a method that makes the Domains syb folders (complete file sctructre) so its read only by default on new domains/sub domains, and new folders made within that folder.

i ask because the number of people that leave them read/write , if someone needed a folder read/write they could use webshell to modify the directory , there by securing the server a bit more.