RFI Attacks


Introducing MalFI – Another Report From HostExploit

I’m a few days late for posting this but the HostExploit team has produced another report, this time on an attack dubbed “MalFI” for malicious file inclusion. This encompasses remote file inclusion (RFI), local file inclusion (LFI) and Cross Server Attack (XSA). The report had been in the works for quite some time and while [...]

This blog is now a honeypot!

As I was perusing my logs today on a lazy Sunday afternoon, I found I was being attacked by more RFI bots than usual. To my surprise, I realized it is because of my previous post on controlling RFI bots. In my last post I included a dork that is frequently scanned for, and in [...]

Controlling an RFI bot – RFI pt3

Let's delve a little deeper into the Osirys IRC bot, which I initially discussed in part 1. First I will illustrate how the attacker finds and exploits web servers, then I will discuss how ISPs can get involved and remove these bots from their networks.
First the attacker issues a command to the bot to begin [...]

17,400 sites affected by Fx29 – RFI pt2

For my next installment on RFI attacks we will look at the extremely popular FX29 shell.
To find out whether you or someone else has been compromised with this shell, search for the following:
intitle:"FaTaLisTiCz_Fx"
At the time of writing this, the above search query returns 17,400 matches which certainly indicates the prevalence of this shell.
Here is what the [...]

Remote File Inclusion Attacks – pt1

Remote File Inclusion (RFI) attacks are one of the constant threats out on the internet. This class of threat is simple to execute and can yield very valuable results to the attacker. With the multitude of web applications out there, new vulnerabilities are constantly being discovered. The subject is rather large so I will have [...]