httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaqui Greenlees <jaqui_greenl...@yahoo.ca>
Subject RE: [users@httpd] Hacked Web Site
Date Fri, 19 May 2006 14:56:55 GMT

--- Don O'Neil <don@lizardhill.com> wrote:

> Well I would tend to agree with you, except for the
> fact that the 3 sites
> did not use any SQL, they were all simple html sites
> with very little
> content.
> 
> I did find something that referenced hidden field
> injections as well, but
> again, none of the sites had hidden fields.
> 
> This is why I am puzzled as to what could be going
> on here. 

I wasn't looking at the sites you arehosting, I was
looking at the 3000+ sites listed as being hacked by
them. Most of them are database driven sites, making
sql injection the most propable vector.
for static html, apache configuration for the hosting
server will very much dictate what happened and how,
the server logs for the time the hack happened will
contain a lot of data to point you at where they found
entry to hack the site.

The error log to show the fails, the access log to
show sucessful traffic, look for ip numbers in the
error log that are requesting action that is not
appropriate, then look in the access log for the same
ones. this will show what they tried, and how they
succeded.


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message