> -----Original Message-----
> From: Pablo Manalastas [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 02, 2001 9:30 AM
> To: [EMAIL PROTECTED]
> Subject: [plug] GMA-7 website hacked!
>
>
>
> The Phil. Daily Inquirer reported today (InfoTech section)
> that the GMA-7 website was defaced by a hacker last Wednesday.
> The news article also reports that the website is hosted by
> inter.net (Contreras/Paras/etc.). A check of the website
> http://www.gmanetwork.com/ showed that the site is running
> Apache 1.3.6/modperl 1.21/modssl 2.2.8/openssl 0.9.2b on Linux.
> Testing ssl on port 443 produced an error (bad SSL server
> certificate?). Could this error be the cause of the security
> hole? Anyone knows the details? Could modperl be the culprit?
> (magagalit si Orly dito).
Prolly not. It could be .cgi vulnerability.
So sites running apache/cgi, better check your CGIs. One tool I always use
is RFP's cgi scanner. It's
equipped with IDS-evasive-mode. I'm impressed with the result.
Btw, I am not saying that modperl 1.21/modssl 2.2.8/openssl 0.9.2b isn't
vulnerable.
Hopefully today or tom, I will receive new mails about linux security
issues.
-neil
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
