httpd-users mailing list archives

From "Don O'Neil" <...@lizardhill.com>
Subject RE: [users@httpd] Hacked Web Site
Date Fri, 19 May 2006 10:11:41 GMT
Well I would tend to agree with you, except for the fact that the 3 sites
did not use any SQL, they were all simple html sites with very little
content.

I did find something that referenced hidden field injections as well, but
again, none of the sites had hidden fields.

This is why I am puzzled as to what could be going on here. 

-----Original Message-----
From: Jaqui Greenlees [mailto:jaqui_greenlees@yahoo.ca] 
Sent: Friday, May 19, 2006 12:04 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Hacked Web Site


--- Don O'Neil <don@lizardhill.com> wrote:

> A customer of mine recently had their web site hacked and the index 
> file defaced by Milli-Harekat...
> 
> http://www.zone-h.org/en/search/what=Milli-Harekat.Org/
> 
> Does anyone know the exploit used for this and where to find out about 
> fixing it? I have a feeling it's a brute force attack of some sort, 
> but I can't find anything.
> 

A look at the zone-h.org/en/filters links for milli-harekat.org gives a
large list of sites they have defaced. A Google search will also give a list
of sites defaced.
They all seem to be SQL injection attacks, which is bad site scripting. Have
your script sanitise all user-supplied data to stop SQL injections from
working.

The best way: rebuild the scripts with an abstraction layer between the
actual db calls and the served documents. Make sure what comes from the
served documents is not executed as queries, but is inserted as data. Then
you can see where the actual attack comes from and charge that person for
their illegal activities.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
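The "inserted as data, not executed as queries" advice from the quoted reply, shown as an added example that is not part of this thread: a string-concatenated lookup beside a parameterised one, run against a constructed in-memory SQLite table (table name, column names and the probe input are all assumptions made up for the demo) so a developer can verify that the fix actually holds.

```python
import sqlite3


def make_db():
    # Constructed stand-in for a site's user table (not from the thread).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_concatenated(conn, name):
    # Vulnerable pattern: user-supplied text is spliced into the SQL itself,
    # so a quote in the input changes the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterised(conn, name):
    # The abstraction layer Jaqui describes: the statement text is fixed and
    # the driver binds the value as data, so quotes in the input stay data.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


# Constructed test input containing a quote; used only to confirm the
# parameterised version treats it as a literal name and matches nothing.
PROBE = "x' OR '1'='1"


def demo():
    conn = make_db()
    return {
        "concat_normal": lookup_concatenated(conn, "alice"),
        "concat_probe": lookup_concatenated(conn, PROBE),   # structure altered
        "param_normal": lookup_parameterised(conn, "alice"),
        "param_probe": lookup_parameterised(conn, PROBE),   # no such name
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The same comparison works with any DB-API driver; the point is that only the parameterised function keeps the statement text constant regardless of input.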

