Date: Fri, 19 May 2006 12:42:42 +0200 From: "Daniel A." <alive@dienub.org> To: Don O'Neil <don@lizardhill.com> Cc: users@httpd.apache.org, freebsd-questions@freebsd.org Subject: Re: Hacked Web Site Message-ID: <446DA122.8020202@dienub.org> In-Reply-To: <004a01c67b0f$f5598b50$0300020a@mickey> References: <004a01c67b0f$f5598b50$0300020a@mickey>
next in thread | previous in thread | raw e-mail | index | archive | help
Don O'Neil wrote: > A customer of mine recently had their web site hacked and the index file > defaced by Milli-Harekat... > > http://www.zone-h.org/en/search/what=Milli-Harekat.Org/ > > Does anyone know the exploit used for this and where to find out about > fixing it? I have a feeling it's a brute force attack of some sort, but I > can't find anything. > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" Hi Don, Please look in your auth.log (Usually in /var/log) to check for recent failed log attempts, and your httpd-*.log (Usually /var/log unless specified otherwise in your httpd.conf files) If you find something suspicious, please paste the relevant lines. I suggest *not* attaching the entire log files, as they may contain sensitive data in form of IP addresses and valid usernames.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?446DA122.8020202>