New Mesh Injection Attack: 30,000 Websites already Hit?

"With SQL injection, an attacker exploits some kind of SQL flaw in order to inject code. With mass meshing, Huang said the attacker is in complete control of a website.

"So we believe this injection is not SQL but rather is done through control of infected sites using an automated FTP program," Huang said.

"Huang suspects that the attackers have somehow gained access to site login credentials, which are then used by the FTP program to access the site and inject the mass meshing script."

Complete Story

Related Stories:

• How To Configure PureFTPd To Accept TLS Sessions On Fedora 14(May 10, 2011)
• How To Integrate ClamAV Into PureFTPd For Virus Scanning On Ubuntu 10.10(Apr 28, 2011)
• Ubuntu 10.10 LAN Torrent Seedbox With Avalanche-rt, Lighttpd, Rtorrent, Vsftpd A(Apr 21, 2011)
• Back door in ProFTPD FTP server(Dec 03, 2010)
• Weekend Project: Set Up a TFTP Server on Linux(Sep 25, 2010)