Re: Hacked Web Site
Don O'Neil wrote: A customer of mine recently had their web site hacked and the index file defaced by Milli-Harekat... http://www.zone-h.org/en/search/what=Milli-Harekat.Org/ Does anyone know the exploit used for this and where to find out about fixing it? I have a feeling it's a brute force attack of some sort, but I can't find anything. What makes you think it was a BF attack? IANAE, but looking over a list of exploits, I see a fairly large number against PHP pages and the like, including what appears to be HTML URI injection by means of a semicolon and HTTP 'meta-refresh' tag; so, I'd starting looking for insecure server-side scripting, especially in the absence of any evidence of compromise of the machine itself. Of course, "compromise of the machine itself" is a whole 'nother "ball of wax". You've my sympathies either way. Kevin Kinsey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Hacked Web Site
Don O'Neil wrote: A customer of mine recently had their web site hacked and the index file defaced by Milli-Harekat... http://www.zone-h.org/en/search/what=Milli-Harekat.Org/ Does anyone know the exploit used for this and where to find out about fixing it? I have a feeling it's a brute force attack of some sort, but I can't find anything. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" Hi Don, Please look in your auth.log (Usually in /var/log) to check for recent failed log attempts, and your httpd-*.log (Usually /var/log unless specified otherwise in your httpd.conf files) If you find something suspicious, please paste the relevant lines. I suggest *not* attaching the entire log files, as they may contain sensitive data in form of IP addresses and valid usernames. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Hacked Web Site
A customer of mine recently had their web site hacked and the index file defaced by Milli-Harekat... http://www.zone-h.org/en/search/what=Milli-Harekat.Org/ Does anyone know the exploit used for this and where to find out about fixing it? I have a feeling it's a brute force attack of some sort, but I can't find anything. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"