[Owasp_wasc_distributed_web_honeypots_project] Compromised Site Notification Process

Ryan Barnett ryan.barnett at owasp.org
Thu Apr 16 14:14:32 UTC 2015


Referencing this blog post - http://www.volexity.com/blog/?p=118.  We
actually found the exact same thing and were about to write about it and
they beat us to it :(  Anyways, I have posted a bit of info here -
https://github.com/SpiderLabs/owasp-distributed-web-honeypots/tree/master/ShellShock-Worm.
So, we have a site that has been previously compromised and
is being used as a malware repo as part of this attack -
http://www.nms-iq.com/.  The malware files are now gone, however we don't
know if it was the attacker(s) that removed it or if the site has been made
aware.  

Anyways - this scenario should be discussed.  I would think that we would
want to figure out some type of official OWASP notification process to alert
ABUSE contacts at these different sites if we find that their web servers
have been compromised.

Let me know what you all think and we can craft up some type of process and
email text to run by the OWASP Board.

-Ryan



