Security Incidents mailing list archives
Re: possible frontpage exploit?
From: Raul Dias <chaos () swi com br>
Date: Mon, 16 Jul 2001 19:44:06 -0300
My company has had two websites defaced within the last week. Both times the defacement seems to take place withing frontpage. Here is the the actual defacement taking place:
ascta014p151.onda.com.br - - [12/Jul/2001:02:54:05 -0500] "GET / HTTP/1.1" 200 1279 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)" If you look, the attacker is using requests for "rbteam1.jpg" to see whether he is successful. The machine in question is running solaris 8, the webserver is apache 1.3.14 w/ the FP 2000 server extensions installed. My question is, has anyone seen anything like this? Is this a frontpage exploit, or something else? If it's something else, I'd sure like to know what it is. Thanks --John Jetmore
You should try to contact Onda. Onda is a ISP here in Brazil. Unfortunally it is not too resposible for the action of its users we have a few incidents with tham and Onda doesn't really care. Anyways, here are they number: (55) - 0800-437878 (toll free) (55) - 41 - 322-7766 Good luck. -Raul Dias ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: possible frontpage exploit? Raul Dias (Jul 16)
- <Possible follow-ups>
- possible frontpage exploit? John Jetmore (Jul 16)
- Re: possible frontpage exploit? Bryan Andersen (Jul 16)
- Re: possible frontpage exploit? John Jetmore (Jul 17)