April 24th, 2004, 06:27 AM
How do hackers deface websites? Do they use scripts or something?
How am I able to protect against hackers from doing this?
April 24th, 2004, 06:37 AM
The main thing is vulnerabilities. There are a lot of vulnerabilities out there and you constantly have to check for updates. If you find that there is a patch, maybe give it a few days to see that nobody really experiences problems with it, then download and install it. You will be looking for patches for your OS, webserver, ftp server, firewall, or just whatever is exposed, and even things not exposed just in case they get access to the things normally not exposed.
Another method is simply to brute force maybe an ftp server or something. You should have some sort of policy set to restrict the amount of bad "guesses" when trying to connect to ftp. Just never think you're safe basically. Cause you're probably not. It's ok to be a little paranoid. If you're really interested in seeing what goes on when you're compromised you may want to get an old box and put some sort of honeypot on it. Google honeypot for more info.
Also, there are secure ftp servers/clients out there. It is definitely a good idea to use those as all transfers are encrypted. Always use secured/encrypted connections whenever possible. Hope this helps.
April 24th, 2004, 06:41 AM
Keep up to date with patches. Pay attention to your logs. Install some sort of ids. Without knowing the specifics of your server setup we wont be able to help any further than general info. Could you tell us what type of server software your running etc.. and we could give you some more detailed advice.
Ben Franklin said it best. \"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.\"
April 24th, 2004, 06:52 AM
OS: Windows XP (Soon to be FreeBSD)
Server: Apache 2
April 24th, 2004, 07:02 AM
yup for the most part scripts. when a vuln is found a way to exploit is writted, a large range of ip addresses are scanned for servers that match the criteria then the list is used to automatically exploit every ip addy on the list.
the majority of defacements are done using "known" vulns. in other word a fix has already been made to keep this from happening but has not been applied. like everyone says "patch right away"
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”