Earlier in the month we published an article regarding the lilupophilupop.com SQL injection attacks (http://isc.sans.edu/diary.html?storyid=12127). Being a month onwards I thought it might be a good time to reflect on this attack and see how it is going.
If you want to find out if you have a problem just search for "<script src="http://lilupophilupop.com/" in Google and use the site: parameter to hone in on your domain. |
Mark 392 Posts ISC Handler Dec 31st 2011 |
Dec 31st 2011 1 decade ago |
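Added example, not part of the original diary entry or its comments: the Google search only covers pages that have been indexed, so the same check can be run directly over text exported from your own database. The row layout `(table, column, primary_key, value)`, the function names and the sample rows are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit

INJECTED_DOMAIN = "lilupophilupop.com"  # domain named in the diary entry

# Any <script ... src=...> tag; the quotes are optional because injected
# markup may be unquoted or truncated by the column length.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def injected_script_urls(text, domain=INJECTED_DOMAIN):
    """Return script src URLs in text whose host is domain or a subdomain of it."""
    hits = []
    # Also scan the entity-decoded form: the tag may be stored as &lt;script ...
    for candidate in (text, html.unescape(text)):
        for url in SCRIPT_SRC.findall(candidate):
            try:
                parts = urlsplit(url if "//" in url else "//" + url)
                host = (parts.hostname or "").lower()
            except ValueError:  # malformed URL, nothing to compare
                continue
            matches = host == domain or host.endswith("." + domain)
            if matches and url not in hits:
                hits.append(url)
    return hits

def scan_rows(rows):
    """rows: iterable of (table, column, primary_key, value) tuples."""
    findings = []
    for table, column, pk, value in rows:
        if isinstance(value, str):
            urls = injected_script_urls(value)
            if urls:
                findings.append((table, column, pk, urls))
    return findings

# Constructed sample data, not taken from any real site.
SAMPLE_ROWS = [
    ("products", "title", 1,
     'Blue widget<script src="http://lilupophilupop.com/sl.php"></script>'),
    ("products", "title", 2, "Red widget"),
    ("news", "body", 7,
     "Intro &lt;script src=&quot;http://LILUPOPHILUPOP.com/sl.php&quot;&gt;"),
    ("news", "body", 8,  # lookalike host, must not be reported
     '<script src="http://lilupophilupop.com.example.org/x.js"></script>'),
    ("pages", "views", 3, 1200),  # non-text column is skipped
]

if __name__ == "__main__":
    for table, column, pk, urls in scan_rows(SAMPLE_ROWS):
        print(f"{table}.{column} id={pk}: {', '.join(urls)}")
```

Each finding names the table, column and key of the affected row, which is what you need to clean the stored value and to locate the vulnerable input that wrote it.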
Hi,
'd know tell me what type of infection you use??? I can see the code sl.php? Sorry for my bad English, thanks a lot |
Anonymous |
Jan 2nd 2012 1 decade ago |
Amazing that the domain is still active and has never been taken down
|
dayglo 5 Posts |
Jan 2nd 2012 1 decade ago |
I'm not at all amazed that the site is still up. See http://google.com/safebrowsing/diagnostic?site=AS:48691 for an idea of why.
|
dayglo 5 Posts |
Jan 2nd 2012 1 decade ago |
Can a simple cable or ADSL user block this network?
Is it possible when they had BGP compatible routers and connections? Will it be better with IPv6? |
Anonymous |
Jan 3rd 2012 1 decade ago |
For a home user, opendns.com is probably the simplest (free) way to protect yourself against this and other threats. You could also just add an entry to the "hosts" file on your system for that domain, but this will only block this one domain and will be harder to manage. From my testing, browser blocklists like Firefox's "safe browsing" feature block the domain already.
|
Johannes 4515 Posts ISC Handler |
Jan 3rd 2012 1 decade ago |
Ok, about the 123.000 hitting in NL: they are mainly from one site
1. everything that ends with .vakantieland.nl (approx 48.000 hits) the rest is mostly referring to the threat, so less fuss than expected.... |
Johannes 1 Posts |
Jan 4th 2012 1 decade ago |