What causes web attack to promote medicine-area.com ?

What causes web attack to promote medicine-area.com ?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
What causes web attack to promote medicine-area.com ? Mark 08-06-2007
Posted by Mark on August 6, 2007, 5:09 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I found the following code snipped added to a page on a webserver:
<? if ((eregi("bot", $_SERVER['HTTP_USER_AGENT']) or eregi("urp",
$_SERVER['HTTP_USER_AGENT'])or eregi("msn", $_SERVER['HTTP_USER_AGENT'])))
?>

It looks as the purpose of this attack is to promote the website mentioned by
creating a link to it that is only visible to searchengine bots and crawlers.
I am very thankful for any help about what is causing this code to land on the
webserver. Both the web hoster and me checked the servers logfiles and checked
for rootkits, but could not find anything.

thanks, Mark

Similar ThreadsPosted
how can i tell if under attack? October 16, 2005, 10:57 pm
Re: Possible attack? September 19, 2008, 3:15 pm
Re: Possible attack? September 19, 2008, 5:40 pm
Attack statistics... August 11, 2004, 8:09 pm
What does denial of service attack mean? April 30, 2005, 10:05 am
webserver attack attempt July 14, 2005, 5:24 am
Network Attack generator November 28, 2005, 9:49 am
DOS Attack & High load June 29, 2007, 5:58 am
Re: MI5 messages are a DDOS attack? November 18, 2007, 7:27 pm
SSRT3521 rev.2 HP-UX OpenSSL CBC timing attack in SSL and TLS July 5, 2004, 3:32 pm

The site map in XML format XML site map

Contact Us | Privacy Policy