Doorways Sneak To Non-Default Ports of Hacked Servers

Doorways Sneak To Non-Default Ports of Hacked Servers 63

Posted by timothy on Saturday December 04, 2010 @04:49PM from the buncha-jerkfaces dept.

UnmaskParasites writes "To drive traffic to their online stores, software pirates hack reputable legitimate websites injecting hidden spammy links and creating doorway pages. Google's search results are seriously poisoned by such doorways. Negligence of webmasters of compromised sites makes this scheme viable — doorways remain unnoticed for years. Not so long ago, hackers began to re-configure Apache on compromised servers to make them serve doorway pages off of non-default ports, still taking advantage of using established domain names."

Doorways Sneak To Non-Default Ports of Hacked Servers

This discussion has been archived. No new comments can be posted.

Search 63 Comments Log In/Create an Account

Comments Filter:

Re:Firewall (Score:4, Interesting)

by La Gris ( 531858 ) writes: <lea.gris@noiMENC ... net minus author> on Sunday December 05, 2010 @03:52AM (#34449090) Homepage

No need to access or change the normal Apache config.
Usually they just spawn a new apache process as the hacked user with something like apache2 -d /tmp/haxorsite -c "listen 13675" ...
Suffice to gain user shell access and inject some content te serve.
Thats why any decent hosting provider uses some front end servers, eventually with mod_security, so the back-end cluster has very restricted network setup only able to talk to the front servers.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Doorways Sneak To Non-Default Ports of Hacked Servers 63

Doorways Sneak To Non-Default Ports of Hacked Servers More Login

Doorways Sneak To Non-Default Ports of Hacked Servers

Re:Firewall (Score:4, Interesting)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot