Re: Rogue PHP file

From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
Date: Sun, 29 Jun 2008 00:45:25 +1000

G'day Frank,

I am neither the 'alarmist' which Susan is nor the 'routers are evil' that
you will get from Leythos.

I have the benefit of having seen your later post but, so far, I'm not
really sure whether the internet name for your SBS is _actually_
mail.xxxxxxxxxx.com. There's issues about bad/poisoned DNS that would need
to be investigated. SBS would need to be _pretty thoroughly 'owned'_ before
'anything.php' comes into play.

_IF_ the server has been compromised, and so far I'm not really sure it has,
you should be firstly looking to PCSafety, as Susan has suggested, and then
considering _HOW_ this happened and the _cost_ of addressing the issue (on
your primary DC, which you should now trust _NOTHING_ from), vs externally
hosting your public (www) domain.

Though SBS is thoroughly capable of hosting websites (I do it myself) it's
not really a good idea, particularly considering the _very cheap_
alternatives which may not only give you greater facility and bandwidth but
also less concern about 'such hacks'.

"Frank" <ffarero@xxxxxxxxxx> wrote in message
news:48658f04$0$5981$9a6e19ea@xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi all,

SBS 2003 server, XP pro clients, WRT54GS router, Static IP from ISP using
exchange for mail.

Not sure if this is the right news group. I got a call today from a new
client stating that their mail.xxxxxxxxxx.com address was being redirected
to a Banking Phishing website.
They stated that they got a call from a security firm in Calif. staing it
looked to them like a rogue PHP file was accepting requests. Any ideas on
how to approach this to find fix it?

Thanks

Follow-Ups:
- Re: Rogue PHP file
  - From: Frank
- Re: Rogue PHP file
  - From: Leythos
- Re: Rogue PHP file
  - From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

References:
- Rogue PHP file
  - From: Frank

Prev by Date: Re: hal.dll
Next by Date: Re: Rogue PHP file
Previous by thread: Re: Rogue PHP file
Next by thread: Re: Rogue PHP file
Index(es):
- Date
- Thread

Relevant Pages

Re: Rogue PHP file
... Sandi and I have seen many a SBS site end up being a Phishing launching site. ... I am neither the 'alarmist' which Susan is nor the 'routers are evil' that you will get from Leythos. ... SBS 2003 server, XP pro clients, WRT54GS router, Static IP from ISP using exchange for mail. ...
(microsoft.public.windows.server.sbs)
Re: Replication isse with SBS 2003 and additional W2K3 server on remote site
... many similar issues as the RPC cannot function well on some routers. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... >Subject: Re: Replication isse with SBS 2003 and additional W2K3 server on ...
(microsoft.public.windows.server.sbs)
Re: Page Cannot Be Displayed
... 159211 Diagnoses and Treatment of Black Hole Routers ... Les Connor [SBS MVP] ... > It appears that the problem isn't on the servers, ... Ethernet adapter Network Connection: ...
(microsoft.public.windows.server.sbs)
Re: DHCP in SBS 2003 R2
... Most routers don't hand out: ... SBS as only DNS server. ... AD to be explained by name resolution issues to AD resources, ...
(microsoft.public.windows.server.sbs)
Re: How do I find a true SBSer in the Seattle/Tacoma, WA area?
... David and Susan both fired over your post to me and I went in and got you ... Steven Banks [SBS MVP] ... > I wonder why they didn't respond to my request on the actual Puget Sound ... >>> other areas besides managing our network. ...
(microsoft.public.windows.server.sbs)