Hacked Web Site
Kevin Kinsey
kdk at daleco.biz
Fri May 19 06:10:50 PDT 2006
Don O'Neil wrote:
> A customer of mine recently had their web site hacked and the index file
> defaced by Milli-Harekat...
>
> http://www.zone-h.org/en/search/what=Milli-Harekat.Org/
>
> Does anyone know the exploit used for this and where to find out about
> fixing it? I have a feeling it's a brute force attack of some sort, but I
> can't find anything.
What makes you think it was a BF attack? IANAE, but looking over
a list of exploits, I see a fairly large number against PHP pages
and the like, including what appears to be HTML URI injection by means
of a semicolon and HTTP 'meta-refresh' tag; so, I'd starting looking
for insecure server-side scripting, especially in the absence of any
evidence of compromise of the machine itself.
Of course, "compromise of the machine itself" is a whole 'nother
"ball of wax". You've my sympathies either way.
Kevin Kinsey
More information about the freebsd-questions
mailing list