******************************* Team Allaire *******************************
I do a security scan of my system every now and again using whisker from RFP
(http://www.wiretrip.net/rfp/2/index.asp). I suggest everyone either do the
same or ask someone you trust to do it for you. It takes little time to do
and the rewards could be massive (especially with the supposed cyberwar
coming). Also, run a few searches over your code for things like CFFILE,
CFINCLUDE and other tags that can be used as attack points. A few hours of
code review could save days in code rebuild.

As for how he got in, check all the logs on the box. Look for file gaps to
see if he hacked them to cover his trail. If there are none, then look for
things out of the ordinary like .dll, .htx or other calls. Between the
system logs, web logs, CF logs and whatever, you may find his attack route.

Finally, check out securityfocus.com and the other security sites. They may
know.

> A client of mine got hacked over the weekend.
>
> The hacker was PoisonBOx or someone posing as PoisonBOx.
>
> They only infected default.asp, index.asp and default.htm, index.htm pages.
> Thankfully, on this particular box, we don't use any of them.
>
> Obviously there are vulnerabilities lurking around in IIS4/SP6 that need to
> be addressed and the client is now in the process of making sure each and
> every patch/hot fix that exists is in place and that permissions are set up
> as they should be.
>
> My question is, has anybody else been affected by this particular hacker,
> and if so, did you ever find out how exactly they got in?
>
> A search on PoisonBOx turned up 74 results, with news articles from websites
> being hacked, etc. But I can't find anything on whether or not they figured
> out how the &*^%#@ got in!
>
> Ahh, Monday morning..... how sweet it is.
>
> Thanks for any feedback...,
>
> Erika
>
> "Whatever you can do, or dream you can, begin it. Boldness has genius,
> power, and magic in it." - Goethe
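
The log checks suggested in the reply at the top of this thread (look for gaps, then for out-of-the-ordinary .dll or .htx calls), as an added example that is not part of the original messages. It assumes the web log is in W3C extended format with a `#Fields:` line; the sample entries, the one-hour gap threshold and the function names are constructed for illustration.

```python
import os
from datetime import datetime, timedelta

# Constructed W3C extended-format sample (not from a real server); line 7 is truncated.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-05-05 22:10:03 192.0.2.10 GET /index.cfm 200
2001-05-05 22:10:41 192.0.2.11 GET /products.cfm 200
2001-05-05 22:11:15 198.51.100.7 GET /scripts/sample.dll 404
2001-05-05 22:11:20 198.51.100.7 GET /search/query.htx 200
2001-05-05 22:1
2001-05-06 03:47:52 192.0.2.12 GET /index.cfm 200
"""

def parse_w3c(text):
    """Return (records, malformed_line_numbers) using the #Fields directive."""
    fields, records, malformed = [], [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            rec = dict(zip(fields, line.split()))
            try:
                rec["ts"] = datetime.strptime(
                    f"{rec.get('date')} {rec.get('time')}", "%Y-%m-%d %H:%M:%S")
            except ValueError:
                malformed.append(lineno)  # truncated or hand-edited entry
                continue
            records.append(rec)
    return records, malformed

def find_gaps(records, threshold=timedelta(hours=1)):
    """Flag silences longer than threshold and timestamps that run backwards."""
    gaps = []
    for prev, cur in zip(records, records[1:]):
        delta = cur["ts"] - prev["ts"]
        if delta > threshold or delta < timedelta(0):
            gaps.append((prev["ts"], cur["ts"]))
    return gaps

def unusual_requests(records, exts=(".dll", ".htx")):
    """Requests whose URI stem ends in an extension the site should not serve."""
    return [r for r in records
            if os.path.splitext(r.get("cs-uri-stem", ""))[1].lower() in exts]

if __name__ == "__main__":
    recs, bad = parse_w3c(SAMPLE_LOG)
    print("malformed lines:", bad)
    for start, end in find_gaps(recs):
        print("gap:", start, "->", end)
    for r in unusual_requests(recs):
        print("check:", r["ts"], r["c-ip"], r["cs-uri-stem"])
```

A quiet site produces long silences on its own, so compare any gap against the same hours on other days and against the system and CF logs before treating it as tampering.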