Re: indiahighcom-mauritius.org

From: Ish Sookun <ish_at_hacklog.in>
Date: Wed, 13 May 2015 16:22:22 +0400

Looking at the homepage source, one could find the following code at the
bottom :

PHP Warning: session_start() [<a
href='function.session-start'>function.session-start</a>]:
open(C:\tmp\sess_o6gn2give5ct65j9ek1pjcb2r3, O_RDWR) failed: Permission
denied (13) in
\\boswinfs01\home\users\web\b171\ywh.hcimauritius\config\connect.php on
line 1

Yes, that's a Windows server with a folder having permission issues
assigned to the webserver. An error text inserted after the </html> tag
could lead Google to believe the page has been compromised and the text
inserted maliciously. It's just my observation, I could be wrong too.

Regards,

-- 
​Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
On Tue, May 12, 2015 at 3:37 PM, Mohammad Nadim <nadim.attari_at_gmail.com>
wrote:
> Hello,
>
> It's a Windows Server. IIS 7.0 web server + Microsoft ASP.NET web
> framework + PHP 5.2
>
> I don't think it's a problem with the webserver, but more with the PHP
> scripts, which may have been used to compromise the website.
>
> Regards,
> Nadim Attari
>
>
> On 12 May 2015 at 13:50, S Moonesamy <sm+mu_at_elandsys.com> wrote:
>
>> Hello,
>>
>> I was doing a search and I noticed the following for
>> indiahighcom-mauritius.org
>> http://www.elandsys.com/~sm/indiahighcom-mauritius-org-search-warning.png
>>
>> Regards,
>> S. Moonesamy
>>
>>

Received on Wed May 13 2015 - 12:22:37 PST