On 5/19/06, Don O'Neil <don@xxxxxxxxxxxxxx> wrote:
Well I would tend to agree with you, except for the fact that the 3 sites did not use any SQL, they were all simple html sites with very little content. I did find something that referenced hidden field injections as well, but again, none of the sites had hidden fields. This is why I am puzzled as to what could be going on here.
What apache version is being used and what modules are loaded while the site is in operation? Is ssh available or is the server "advertising" other services besides http? Overall there isnt enough informastion about the "site which was hacked" to really come up with a attack path or methodolgies. HTH/Sx -- WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|