What is AccessDiver? And how to block CGI-Telnet?

Today I found a few eggdrops running under very legit shopper usernames.

I have tracked that someone got into these accounts and put a .access.pl file there, which is some CGI:Telnet.

Also, I have seen some name like "AccessDiver".

So my question would be: how did they manage to get access to these legit accounts and put the .access.pl file there? How can I prevent this CGI:Telnet stuff from running in the future?


What is AccessDiver? It looks like it somehow gets usernames/passwords of accounts. But I don't believe it can, because the username was something like "az32a2sa". I can't believe that it was in some brute-force list.

 

 

 

 
