[Discuss] g00nfish?

Stephen Adler adler at stephenadler.com
Thu May 24 16:07:25 EDT 2012


On 05/24/2012 03:53 PM, Tom Metro wrote:
> Stephen Adler wrote:
>> Today I noticed that someone has uploaded a php file called g00nfish,
>> which looks to me like some kind of web server exploit code. Anyone know
>> the origins of such a tool?
> Hadn't heard of it, but...
>
>> The way my web site is structured, there is
>> no way for that file to be executed, but maybe there's something about
>> this exploit file that I don't know and I could be vulnerable?
> You're probably not vulnerable, but your site may be facilitating
> attacks on other sites. The attacker might be using your site to
> "launder" his IP, such that an exploit script can be coded to pull from
> your storage service without the attacker needing to run a server or
> exposing his IP.
>
> (Presumably he is bouncing through anonymous proxies and other exploited
> machines when he makes outbound connections. Far more convenient to pull
> files from a known URL rather than trying to serve a file through all
> those anonymizing mechanisms. That attack script might also run
> unattended, at some unknown future date, so having a known fixed URL is
> necessary.)
>
>   -Tom
>
Interesting. The web site is designed to keep downloads limited, and I
haven't seen any so far for this file. But that's a good point you raise.

Thanks.



