Penetration Testing: Re: Hacked by aLpTurkTegin, help patching this hole


From: Jay D. Dyson <jdyson_at_treachery.net>
Date: Wed, 21 May 2008 10:42:46 -0700 (MST)

On Tue, 20 May 2008, Mifa wrote:

> Our website was defaced by aLpTurkTegin. We are running Apache, PHP
> etc. Does anyone know how this hacker is getting in and what I can do
> to prevent this?
>
> Our main web directory had all but one file deleted and hackedIndex.php,
> a.asp (a 0 byte file) and trustscn_put_test2 were placed into the main
> directory. The fact that the webserver served hackedindex.php makes me
> think it's an Apache web server flaw.
>
> Any comments, suggestions?

Not enough information is provided to yield an accurate assessment (for
example, the PHP version, Apache version, other services running on the
system, permissions of the affected directory, whether the site is
vhosted, et cetera). With that in mind, it's anyone's guess and the best
response you're going to get is a shot in the dark. Moreover, just
because your web content was affected doesn't necessarily mean that the
web server is at fault.

My $0.02: the intruder exploited a common flaw in one of your PHP scripts.
PHP, for all its ease of use, has a habit of being the weakest link in a
lot of web sites.


Received on May 22 2008
