Feb 17th, 2008 +0000 UTC

Statcounter Update.sh Workaround (ip2location Information Leak)

The server where the backup’s log of the last three days are situated is badly set. The access for all directories by server is free, including the “utils” directory that contains one script file called “update.sh” inside of which are situated the user and password to enter and download the database log from ip2location.com ~ excerpt from Giani Amoto

There is a workaround for the Statcounter update.sh ip2location information leak.
Check out this post at kakkoi → Statcounter Update.sh Vulnerability Fixes

Quick workaround

Add the following .htaccess code in the Statcounter /utils/ directory.

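# Deny access to any file with a .sh extension
# (the pattern must be anchored at the end of the name; "^\.sh" would only match names that start with ".sh")
<Files ~ "\.sh$">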
 Order allow,deny
 Deny from all
 Satisfy All
</Files>

#Deny request for *.log & comment files
<Files ~ "^.*\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])">
 Order allow,deny
 Deny from all
 Satisfy All
</Files>
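To check which files a set of `<Files ~ "...">` deny blocks really covers, the sketch below (an added example, not part of the original post) parses the blocks and lists the file names left exposed. It compares a pattern anchored at the start of the name (`^\.sh`) with one anchored at the end (`\.sh$`); the file names other than update.sh are constructed, and Python's `re` stands in for Apache's regex engine, which is an approximation that holds for these simple patterns.

```python
import re

# <Files ~ "regex"> ... </Files>, capturing the regex and the block body.
FILES_BLOCK = re.compile(r'<Files\s+~\s+"([^"]+)">(.*?)</Files>', re.S | re.I)

def deny_patterns(htaccess_text):
    """Compiled regexes of every <Files ~> block that contains 'Deny from all'."""
    patterns = []
    for regex, body in FILES_BLOCK.findall(htaccess_text):
        if re.search(r'^\s*Deny\s+from\s+all\s*$', body, re.I | re.M):
            patterns.append(re.compile(regex))
    return patterns

def exposed(htaccess_text, filenames):
    """File names that no deny block matches.

    Apache applies a <Files> regex to the base name of the file and does not
    anchor it implicitly, so re.search() is the matching behaviour to model.
    """
    pats = deny_patterns(htaccess_text)
    return [name for name in filenames if not any(p.search(name) for p in pats)]

LOG_BLOCK = r'''
<Files ~ "^.*\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])">
 Order allow,deny
 Deny from all
 Satisfy All
</Files>
'''

# Pattern anchored at the start of the name: only matches names beginning with ".sh".
ANCHORED_AT_START = r'''
<Files ~ "^\.sh">
 Order allow,deny
 Deny from all
</Files>
''' + LOG_BLOCK

# Pattern anchored at the end of the name: matches any name ending in ".sh".
ANCHORED_AT_END = ANCHORED_AT_START.replace(r'"^\.sh"', r'"\.sh$"')

# Constructed directory listing for /utils/ (only update.sh is named in the post).
SAMPLE_FILES = ["update.sh", "ip2location.log", "notes.comment", ".sh", "index.php"]

if __name__ == "__main__":
    print("start-anchored leaves exposed:", exposed(ANCHORED_AT_START, SAMPLE_FILES))
    print("end-anchored leaves exposed:  ", exposed(ANCHORED_AT_END, SAMPLE_FILES))
```

After deploying the rules, requesting /utils/update.sh on your own site should return 403 Forbidden.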

Feb 7th, 2008 +0000 UTC

More Cheese – Happy Chinese New Year

2008 is the Year of the Rat. Happy Chinese New Year!

Jan 31st, 2008 +0000 UTC

Bluehost Hostmonster CEO Hacked Again

This is the third time Matt Heaton's WordPress blog has been hacked. View it for yourself at http://www.mattheaton.com (with NoScript enabled) or try the Google cache (Jan 28 2008 10:10:05 GMT).

More on this at kakkoi → Matt Heaton Bluehost Hostmonster CEO Hacked Again – Strike II – Blackhat SEO Spamdexing LocalRank.