id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="INDICATOR-OBFUSCATION iFrame injection offscreen" group="500" srcip="85.214.***.***" dstip="10.0.***.***" proto="6" srcport="80" dstport="4201" sid="29191" class="A Network Trojan was detected" priority="1" generator="1" msgid="0"
It doesn't sound like one should ignore it, but what can be done specifically? In theory, it might be a false positive, but the corresponding thread has no such entry - yet. On the other hand, the offending page is a typo3 login page, so not an unlikely target of attack.
- The problem was detected when a user of mine complained to me that he could log in to that typo3 page from home but not from work. If the warning is real, that suggests that his home PC is infected; is there anything specific I could ask him to scan for?
- Via that user there is an indirect contact with the webmaster of that site. Is there anything specific I could inform the webmaster about what to scan for?