This actually worked:
regall:Undefined index: pin
with result:
# Regular expression match = [Undefined index: pin]:
'/home/webhost/public_html/images/ucon/error_log'
STICKY rules for CXS.XTRA regs.
tvcnet wrote:
This actually worked:
regall:Undefined index: pin
with result:
# Regular expression match = [Undefined index: pin]:
'/home/webhost/public_html/images/ucon/error_log'

Sorry to tell you this, but the "error_log" file is going to be set as positive as what you are looking for is an error logged there, but that is not an exploit nor a script exploiting something, you are just searching for a chain of characters.
tvcnet wrote:
Got it.
Wouldn't that chain of characters have to be:
Undefined index: pin
?
Which as far as I can tell would only be found in this specific error log file used for this specific type of phishing script.
Thanks,
Jim

Do this, enter into your server as root and type the following:
less /usr/local/apache/log/error_log* | grep "Undefined index: pin"
This will show you how many times this error has been logged.
Just tell me what you see.
-
Junior Member - Posts: 1
- Joined: 08 Sep 2010, 11:43
Sergio... Thanks for the stuff, and chirpy as well. I tried them and got it fixed!
I am including a new regall that you should add to your CXS as soon as you can:
%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F
This is part of an EVAL.
The following is what the code means:
document.write('<iframe src="http://
As you can see, this is very dangerous as the URL could be anything.
Sergio.
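Added example, not part of the thread and not CXS code: a Python check that percent-decodes each line before matching, so it flags the encoded string from the post above and also a lowercase-hex variant that a case-sensitive literal match on that string would miss. The sample lines, the example.invalid host and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The percent-encoded string quoted in the post above.
PAGE_PREFIX = ("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66"
               "%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F")

# What that string decodes to, tolerant of quote style and whitespace.
DECODED_SIG = re.compile(r"document\.write\(\s*['\"]<iframe\s+src=", re.I)

def scan(text):
    """Return (line number, decoded line) for every line where the
    iframe-writing call appears only after percent-decoding, i.e. where
    the encoding is what hides it from a plain-text search."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if "%" not in line:
            continue  # nothing to decode
        decoded = unquote(line)
        if DECODED_SIG.search(decoded) and not DECODED_SIG.search(line):
            hits.append((lineno, decoded.strip()))
    return hits

# Constructed sample input (not taken from a real site).
SAMPLE = "\n".join([
    PAGE_PREFIX + "example.invalid/",          # string as posted
    PAGE_PREFIX.lower() + "example.invalid/",  # same bytes, lowercase hex
    '<a href="/search?q=50%25+off">sale</a>',  # ordinary percent-encoding
    "<script>document.write('<iframe src=\"/banner.html\">');</script>",  # not encoded
])

if __name__ == "__main__":
    for lineno, decoded in scan(SAMPLE):
        print(f"line {lineno}: {decoded}")
```

Only the first two sample lines are reported; the unencoded document.write on the last line is left for a plain-text rule to judge.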
Sorry, by mistake I didn't write one of the rules as it should be.
WRONG RULE:
regall:facebook\.com/crazytaxi/
FIXED RULE:
regall:facebook\.com\/crazytaxi\/
It is already fixed in the first post.
Please note, if you wrote it as in the wrong rule, your CXS will not work.