--- Don O'Neil <don@xxxxxxxxxxxxxx> wrote: > Well I would tend to agree with you, except for the > fact that the 3 sites > did not use any SQL, they were all simple html sites > with very little > content. > > I did find something that referenced hidden field > injections as well, but > again, none of the sites had hidden fields. > > This is why I am puzzled as to what could be going > on here. I wasn't looking at the sites you arehosting, I was looking at the 3000+ sites listed as being hacked by them. Most of them are database driven sites, making sql injection the most propable vector. for static html, apache configuration for the hosting server will very much dictate what happened and how, the server logs for the time the hack happened will contain a lot of data to point you at where they found entry to hack the site. The error log to show the fails, the access log to show sucessful traffic, look for ip numbers in the error log that are requesting action that is not appropriate, then look in the access log for the same ones. this will show what they tried, and how they succeded. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|