Penetration Testing mailing list archives
Re: Hacked by aLpTurkTegin, help patching this hole
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Wed, 21 May 2008 10:42:46 -0700 (MST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 20 May 2008, Mifa wrote:
Our website was defaced by aLpTurkTegin. We are running apache, php ect. Does anyone know how this hacker is getting in and what I can do to prevent this?Our main web directory had all but one file deleted and hackedIndex.php, a.asp(a 0 byte file) and trustscn_put_test2 were placed into the main directory. The fact that the webserver served hackedindex.php makes me think its a apache web server flaw.Any comments, suggestions?
Not enough information is provided to yield an accurate assessment. For example, the PHP version, Apache version, other services running on the system, permissions of the affected directory, whether the site is vhosted, et cetera). With that in mind, it's anyone's guess and the best response you're going to get is a shot in the dark. Moreover, just because your web content was affected doesn't necessarily mean that the web server is at fault.
My $0.02: the intruder exploited a common flaw in one of your PHP scripts. PHP, for all its ease of use, has a habit of being the weakest link in a lot of web sites.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (TreacherOS) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQFINF8W5uViX8vEG7URAjUdAJ9wG1GdDf9fmw5OYwTJby7Xe1qWlQCfYknh +H4GMqSBuYIk5Yx+Wk0JSjU= =zKjC -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Hacked by aLpTurkTegin, help patching this hole Mifa (May 21)
- Re: Hacked by aLpTurkTegin, help patching this hole Jay D. Dyson (May 22)
- Re: Hacked by aLpTurkTegin, help patching this hole Utmost Bastard (May 22)
- Re: Hacked by aLpTurkTegin, help patching this hole Morning Wood (May 22)
- Re: Hacked by aLpTurkTegin, help patching this hole Danux (May 22)
- Re: Hacked by aLpTurkTegin, help patching this hole yummy (May 26)