January 14th, 2002 09:09 AM
what's the basic idea..
can somebody tell me the basic idea behind the hacking of webpages... how is it done and how to stop others from doing the same to your site.
January 14th, 2002 04:16 PM
Hacking Webpages (Defacements) is pretty much an attempt to 'leave your mark'. It can almost be viewed as High Tech Graffiti. People with a point (political or otherwise) will often deface a Webpage to leave behind their message or point of view. Some can be quite creative, like Evil Angelica Check it
Originally posted by ihsir
can somebody tell me the basic idea behind the hacking of webpages...
and some are just stupid Check it
How is it done? In short, poorly configured systems. All systems have vulnerabilities, such as "Buffer-Overflows". Defacer's will search for systems which have not set -up correctly or are not running at the current patch level. They exploit these vulnerabilities by using skill, or in most cases, a Script they have pulled down of the net.
How do you protect yourself? Education. Fully understand the system your implementing. Not just from the user manuals, search the net, see what other people have to say about the system. Ask questions here or at other technical sites. KEEP CURRENT with your patch levels. Install firewalls & intrusion detections systems. And lastly, monitor your systems, just because you believe you have done everything correctly, don't sit back, watch your systems.
January 15th, 2002 06:57 AM
An example as to how its done.
The Unicode exploit:
It seems the m$ screwed up big time with iis4 & 5 servers by allowing requests made using unicode characters to go threw before it interprets what it’s actually asking for.
First a server is located that hasn’t been patched for this, an http request is made using Unicode representation for certain characters. This allows them to go up a couple of directories, run cmd.exe and rename the existing default page (if their at all human).
They then ftp, using DOS commands and the servers ftp client, to a previously set-up ftp server and download a pre-made web page to replace the renamed one.
Of course if he/she doesn’t want to get caught, its necessary to find an ftp server with very poor security that allows anonymous logon, write privileges, and can’t be traced back to them.
This is used as a download source for the defacement page, after passing threw a few proxies before uploading it, to hide their real identity.
The way to keep this, or other things like it from happening to you, is to keep your server up to date on patches and properly configured
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
January 18th, 2002 09:26 AM
thanks for the info.