Date: Fri, 19 May 2006 08:10:40 -0500 From: Kevin Kinsey <kdk@daleco.biz> To: "Don O'Neil" <don@lizardhill.com> Cc: freebsd-questions@freebsd.org Subject: Re: Hacked Web Site Message-ID: <446DC3D0.8010903@daleco.biz> In-Reply-To: <004a01c67b0f$f5598b50$0300020a@mickey> References: <004a01c67b0f$f5598b50$0300020a@mickey>
next in thread | previous in thread | raw e-mail | index | archive | help
Don O'Neil wrote: > A customer of mine recently had their web site hacked and the index file > defaced by Milli-Harekat... > > http://www.zone-h.org/en/search/what=Milli-Harekat.Org/ > > Does anyone know the exploit used for this and where to find out about > fixing it? I have a feeling it's a brute force attack of some sort, but I > can't find anything. What makes you think it was a BF attack? IANAE, but looking over a list of exploits, I see a fairly large number against PHP pages and the like, including what appears to be HTML URI injection by means of a semicolon and HTTP 'meta-refresh' tag; so, I'd starting looking for insecure server-side scripting, especially in the absence of any evidence of compromise of the machine itself. Of course, "compromise of the machine itself" is a whole 'nother "ball of wax". You've my sympathies either way. Kevin Kinsey
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?446DC3D0.8010903>