PaulDotCom mailing list archives
Re: Web Server Hacked
From: Ariany Mizrahi <arianymizrahi () gmail com>
Date: Fri, 21 Jan 2011 00:20:09 -0500
At the time of the attack the server info was: Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 We could not find the shell.asp file anywhere or any sign that it was placed there. We do still have the index.asp file that was the page being displayed when the site was defaced. Whether these two attacks are related is still unknown. If you'd like to see the contents of the index file I'll gladly either attach it to this thread if it's allowed or paste the code in the body. Cheers, Ari http://www.securityoverflow.net On Thu, Jan 20, 2011 at 11:39 PM, Timothy Ouellette <touellette83 () gmail com>wrote:
I'm more interested in the attack vector than the actual hack... anyone know how the files actually got replaced? Any chance your both running the same version of IIS or Apache? Or possibly similar ports available on webservers etc.. ----- Original Message ----- *From:* Ariany Mizrahi <arianymizrahi () gmail com> *To:* PaulDotCom Security Weekly Mailing List<pauldotcom () mail pauldotcom com> *Sent:* Thursday, January 20, 2011 7:46 PM *Subject:* Re: [Pauldotcom] Web Server Hacked We actually just had one of our web servers hacked yesterday around 6:50am. index.asp was replaced. Cheers, Ari http://www.securityoverflow.net On Thu, Jan 20, 2011 at 6:53 PM, Mike Smith <ranger.rkm () gmail com> wrote:Hello, I would like to know if anyone has had a web server attacked using these files. 1) default.asp 2) index.asp 3) main.asp 4)shell.asp I have file 1,2,3, but not 4, I do not know if it was successfully uploaded, then deleted. Thanks, Mike _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com------------------------------ _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Web Server Hacked Mike Smith (Jan 20)
- Re: Web Server Hacked Carlos Perez (Jan 20)
- Re: Web Server Hacked Ariany Mizrahi (Jan 20)
- Re: Web Server Hacked Timothy Ouellette (Jan 20)
- Re: Web Server Hacked Ariany Mizrahi (Jan 21)
- Re: Web Server Hacked Timothy Ouellette (Jan 20)
- <Possible follow-ups>
- Re: Web Server Hacked Ryan Sears (Jan 21)
- Re: Web Server Hacked Ben Jackson (Jan 21)