Analyzing code on suspicious sites I often visit Redleg’s file viewer’s site to do an analysis: http://aw-snap.info/file-viewer
Now visiting the site I get this message"This account has been suspended. If you expected to see your site here contact the Billing Office to bring your payments up to date." and

0
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, cgiadmin@yourhostingaccount.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Scanning the site at urlquery gives a snort IDS alert " INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious "
PHP version has vulnerabilities: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-106044/PHP-PHP-5.2.17.html
See: http://www.avgthreatlabs.com/sitereports/domain/aw-snap.info/

polonus

Intresting?

H redlegx3,

Hopefully the site-owner will check on his log files for what request and analyzed website code may have caused this.
“The hacker hacked sort of” is not what we like to see or aim for.
Proven here again that exploitable PHP is the “royal route” into all sort of websites :(.
Always pay a close watch on external input and mind your “escapes”,

polonus

I am the site owner

Hi redlegx3,

First I like to thank you for that service. To establish some first hand facts about a site’s code being with issues, your third party scanning file viewer is a great help (script issues, redirects, malFrames, obfuscated code, code after the /html tag etc. etc. I like to combine it with an urlquery.net scan and several others during my websites analyses for these forums. Funny that I ran into a misconfiguration at your site. This is what I get going there with WebBug. I added the header and GET request results,

polonus

I am sorry I got your message but when I tried to reply I got a response from the forum software saying I was not allowed to send personal messages??

Hi redlegx3,

This because you do not have reached the number of 20 postings yet (you soon will), and then you are allowed to send back a PM. Question is now that I get a misconfiguration message trying to go to http://aw-snap.info/file-viewer/ and the message that I get is

I put this tool on-line to assist individual web site owners in finding malware on their sites and as my security software does not think you are an individual site owner trying to clean up their site it is not allowing you to access the tool.

Whenever I ever do a query at your site viewer it is for individual site owners reporting here at avast webforum’s virus and worms section. Never do anything out of the intention of that site, really. Now I cannot go to the site directly. We both share a similar goal, e.g. finding and fighting malcode. Can you explain?

polonus

You should be able to use the tool now. I apologize my security system misclassified your use.

Hi redlegx3,

Thank you a bunch, let us keep up thegood work,

polonus

I apologize for the inconvience. When I set up the security rules I did not anticipate this type of use. I am working to modify them now. I appreciate you posting here as I now understand that the rules are probaly blocking other users who are legitmately trying to use the tools and that is certainly not my intent.