A customer service system upload vulnerability causes the server to be taken down (cont.)

      Last time we talked about our server because this customer service system was taken down, we in the server behind the Trojan killer, the results killed a lot of Trojans, but after screening, Really can execute only 2, look at the creation time of the two Trojans, one is 3 days ago, that is, white hat first try to contact us at the point of time, and another creation time is actually a few years ago, in the case of the best of the white hat we confirmed, he said he only sent a trojan, Another is definitely not his, say back, our customer service system was online for a few months, how can there be a few years ago the horse? Speaking of which, presumably everyone has been questioned, this will not be the customer service system comes with it? In order to prove this, I carried out the following series of actions:

1, Login to the service system's official website, found that the official website has also used its own customer service system. Think: That being the case, their own customer service system may also exist in this aspx one sentence horse.

2, according to the sentence horse structure to access the path of the horse's URL, try to connect through the kitchen knife, the results actually connected, indicating their own site also has this horse.

3, the unfinished further confirmation, to Google search using the system's site, nothing found (the reason for small manufacturers?) ), through their customer service to a few of their customers, using the same method to try to connect the horse, the results have been successful.

Products with horses the consequences are self-evident, the key is how the horse came? In general, there are two possibilities:

(1), the vendor development server is hacked, the product is secretly implanted in the horse.

(2), the behavior of internal personnel.

So far, but no real conclusion has been reached, and it is not expected to be used again until the matter is clarified.

Summary:

     This event is now temporarily over, as described in the previous article, this problem, in fact, is not in what part of the problem, but each link may have problems, To think about how to improve and prevent in the future is really the end. In other words, large manufacturers of products may not be reliable, but at least by all sides of the concern, the product will not be too bad and dare not to mess, therefore, the big manufacturers of open source products should become the first choice (such as Discuz), and small manufacturers of products, although the attention of less people, but once found loopholes, if no one reported, then Their business system has been difficult to find the stallion, therefore, this will be the future product selection of one of the ideas.

A customer service system upload vulnerability causes the server to be taken down (cont.)