10-04-2009, 12:24 PM
Naughty-Pages
Confirmed User
 
Join Date: Oct 2006
Location: SWFL
Posts: 4,533
Quote:
Originally Posted by beta-tester
I don't know how you people got infected? Was it your computer and then when accessing the server via FTP it spread there too? I myself never had problems with comus thumbs and I believe that's because I keep my server very clean and maintained properly. Among all the security mechanisms I've implemented there I have mod_security on Apache, and a few password-protected directories where comus resides.

I also have clamAV for scanning and removing infected files. So far, only one account on the server got infected, and that's my friend's account who had his computer infected. But all my sites are totally ok.

That's why I am wondering how the hell did you get hit by this shit? What security hole is exploited on comus, from where?

It is not an infected PC issue (scanned all my systems twice with 2 different AV scanners and also spybot.. I'm not a noob, owned a computer shop for 7 years, sold it and then did computer networking and security for multiple government offices before switching to doing adult shit full time).

It is not an FTP issue (checked all FTP logs, nothing other than my IP and everything was exactly what I had uploaded/downloaded).

I ran ClamAV when I first noticed the problem, it picked up shit.. it found nothing even though the server was infected.

"Somewhere" in Comus is a vulnerability which allows backdoor files to be created, then those backdoors create the trojans across the server.

If you have not been hit, it is simply because your script has not yet been targeted. It could be an hour from now, a week from now, a year from now, or never. Just because it is vulnerable, does not mean you WILL get infected.. it just means it's possible.. but if I were a betting man, I would say it will probably happen sooner or later to you.

Comus thumbs site has been messed up for some time, and then this issue occurred.. with no mention from them about what's up, with the exception of boneless commenting in a few threads that they are trying to deal with it.

Last edited by Naughty-Pages; 10-04-2009 at 12:26 PM..