Webmaster Security

Newer file uplopader botnet making rounds as of this year. gxhlgsltxt

Submitted by sudo rm rf, , Thread ID: 124056

Thread Closed
11-03-2019, 06:19 AM
#1
Early this year bitninja reported finding and capturing a file up-loader botnet called gxhlgsltxt, which would try to upload an empty text file. It then scans http to see if the file was uploaded properly. This botnet really started hitting traffic around February 15th 2019. One of the reasons i use bitninja to secure all my hosting plans is this reason. After reviewing my logs a few days ago i noticed two of my domains had this in the reports. Both times the attack was blocked and the attackers IP was black listed. Most if not all of these attacks are coming from china it appears.

With bitninja FTP CAPTCHA this attack is blocked and your site is secure.
We also noticed some WP-Admin attacks that bitninja was able to sucessfully block. We are currerntly working on a Secure WP-ADMIN write up inwhich i will post here also for anyone who is using wordpress.
Below is what the report looks like

Victim server: whm.#################.com
Victim domain: #################
.com
Attacker ip: 175.173.68.180

Url: [#################
.com/GXHLGSL.txt]
Remote connection: [175.173.68.180:61629]
Headers: [array (
'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
'Content-Type' => 'application/x-www-form-urlencoded',
'Accept' => '*/*',
'Host' => '
#################.com',
'Accept-Encoding' => 'gzip, deflate',
)]


**I changed the domain text for privacy**

Users browsing this thread: 1 Guest(s)