DDoS Persistence Attack Using Cron Jobs, Friday 5 April 2024.

A denial of service attack was carried out on the website rcristofano.com. This attack was executed through the insertion of malicious crons in various system submodules, which continuously generate malicious files (running once per second), overloading the only server that keeps the website online and negatively affecting the availability and performance of rcristofano.com. As noted: users who accessed the site could not change pages, and the site's processes ran very slowly. In this case, the security backups were not functioning because the malicious crons were activated, many of them hidden.

Malicious file injection was found in: system-developed code, web images, and various scripts scattered throughout the folder hierarchy. This is highly detrimental because all system files are executed both by the server, giving the attacker a way to steal internal data, and by users accessing the site, allowing the attacker to obtain sensitive data traveling from the device to the server.

The environment allowed the attacker to apply Cross-Site Scripting (XSS), in which the attacker injects code to redirect to another fake website, resembling rcristofano.com, designed to steal confidential information from users, under the name of rcristofano.com. This can have extremely serious consequences: credit card theft, sensitive information, requests under the name of rcristofano, trojans used to infect the personal computers of users who visited the site.

Link Webpage RCristofano