Well I would tend to agree with you, except for the fact that the 3 sites did not use any SQL, they were all simple html sites with very little content. I did find something that referenced hidden field injections as well, but again, none of the sites had hidden fields. This is why I am puzzled as to what could be going on here. -----Original Message----- From: Jaqui Greenlees [mailto:jaqui_greenlees@xxxxxxxx] Sent: Friday, May 19, 2006 12:04 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Hacked Web Site --- Don O'Neil <don@xxxxxxxxxxxxxx> wrote: > A customer of mine recently had their web site hacked and the index > file defaced by Milli-Harekat... > > http://www.zone-h.org/en/search/what=Milli-Harekat.Org/ > > Does anyone know the exploit used for this and where to find out about > fixing it? I have a feeling it's a brute force attack of some sort, > but I can't find anything. > A look at the zone-h.org/en/filters links for milli-harekat.org gives a large list of sites they have defaced. a google search will also give a list of sites defaced. they all seem to be sql injection attacks, which is bad site scripting. Have your script sanitise all user supplied data to stop sql injections from working. The best way, rebuild the scripts with an abstraction layer between the actual db calls and the served documents, make sure what comes from the served documents is not executed as queries, but is inserted as data, then you can see where the actual attack comes from and charge that person for their illegal activities. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|