Webmaster Security

Newer file uplopader botnet making rounds as of this year. gxhlgsltxt

Submitted by sudo rm rf, , Thread ID: 124056

Thread Closed
11-03-2019, 06:19 AM
#1
Early this year bitninja reported finding and capturing a file up-loader botnet called gxhlgsltxt, which would try to upload an empty text file. It then scans http to see if the file was uploaded properly. This botnet really started hitting traffic around February 15th 2019. One of the reasons i use bitninja to secure all my hosting plans is this reason. After reviewing my logs a few days ago i noticed two of my domains had this in the reports. Both times the attack was blocked and the attackers IP was black listed. Most if not all of these attacks are coming from china it appears.

With bitninja FTP CAPTCHA this attack is blocked and your site is secure.
We also noticed some WP-Admin attacks that bitninja was able to sucessfully block. We are currerntly working on a Secure WP-ADMIN write up inwhich i will post here also for anyone who is using wordpress.
Below is what the report looks like

Victim server: whm.#################.com
Victim domain: #################
.com
Attacker ip: 175.173.68.180

Url: [#################
.com/GXHLGSL.txt]
Remote connection: [175.173.68.180:61629]
Headers: [array (
'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
'Content-Type' => 'application/x-www-form-urlencoded',
'Accept' => '*/*',
'Host' => '
#################.com',
'Accept-Encoding' => 'gzip, deflate',
)]


**I changed the domain text for privacy**

RE: Newer file uplopader botnet making rounds as of this year. gxhlgsltxt

OP
#2
11-03-2019, 06:34 AM
Dtnljay Wrote:
Well the Mirai Botnet is still the most dangerous IoT net there is

actually i believe satori IoT Botnet is the successor to Mirai Botnet. Has roughly like 300,000 Ip associated with it

Users browsing this thread: 1 Guest(s)