Yeah, I don't believe the file is there, but a crawler did find that subdomain at one point. I don't think anyone with FTP access on the mod team put it there. I just found it odd the timeline matched with the Sophos block. Thank you for the quick reply, my man. Go ahead and hide and/or delete this thread. I made it public hoping the reports would reach you.
I think it's all false. I can't see any HTTP requests on there which confirm there was ever malware present. Just them checking URLs of where malware could be, and seeing it's not there...
The only person with any server access is me (and that's always been the case). We also run our web servers in containers, which are destroyed and created often from a very basic Docker image.
I think our SSO flow is triggering a lot of antiviruses, because it generates multiple random strings.
I will leave the thread up. If anyone wants to look into this further and prove me wrong, then that is welcome.
Oh, I just thought of something. If you have another site or a non-public (on another domain) version of the site for testing updates, check to see if AlienVault is checking possible locations of uploaded infected files. It may give the ultimate answer as to whether it is all random or not. I don't have any projects up at the moment or I would check myself. Anyways, good night once again.