June 29th, 2004, 07:41 PM
Security against website defacement?
My site recently got defaced. I had the front page and basic site backed up, but the forums were totally deleted. How did this happen? They cracked the password for the FTP, I'm guessing. But how did they do that? And what can I do to prevent that?
June 29th, 2004, 07:47 PM
I'm sorry, just realized I posted this in the wrong place.
June 29th, 2004, 08:05 PM
They could've used any number of tools to figure out your OS (nmap comes to mind), then grabbed a bunch of exploits for that OS, then got in through any number of methods and went from there. Once they get in as root, they can su to any user that has db access (like postgres which is the default created user for PostgreSQL databases) and from there it's simply easy to dropdb the databases, exit out, delete the user (userdel/etc), then as root, delete the files in any number of filesystems and then worse, remove the filesystems, then reboot the box.
But that's if someone's out for total system destruction. Doesn't sound like that's the case here. Sounds like they wanted to get in and muck with your web servers although I think they did get root because your webserver surely wouldn't be in control of your databases as well. Most defacers are out for public awareness (see www.thesmathers.com for where HIS site went, rofl) and not system destruction.
EDIT: hey man, who negged you? Check your AP center and find out why...you simply did nothing but apologize for an incorrectly-placed post, which didn't bother me that much...
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
June 29th, 2004, 09:11 PM
For the Skiddie's benefit, I believe the proper thing to do if you have posted in an inappropriate forum is to PM a mod and ask them to move it for you.
Don't worry about it Midnight, his handle is a good reflection of his intellect.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
June 29th, 2004, 09:21 PM
MIDnightKAO > I moved your post, although the forum you had it in wasn't that bad a choice
June 29th, 2004, 09:44 PM
Midnight, were you hosting your page or was someone else?
If you weren't then who was?
If you were then what OS were you running, what version of apache, did you patch it, what other services were you running, were you firewalled, did you give someone your password.........
The easiest way to solve this kind of situation is to think to yourself "What would I do?"
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
June 30th, 2004, 01:19 AM
I use hostrocket for hosting. What does patching it mean? I'm pretty new to this so sorry for any inconvenience. lol.
Thanks for the replies.
June 30th, 2004, 01:21 AM
Isn't there a way I can allow only a certain IP to log into FTP or something like that?
June 30th, 2004, 01:26 AM
If you're sure that the person got in by guessing your FTP account's password (which you're not) then make your password stronger. Change it and make it harder. Also, you say someone else is hosting your website? And speaking of the user who negged you, you could post his name here or you could alert Negative who it was and let him handle it.
June 30th, 2004, 01:39 AM
A few questions:
Do you know how you were defaced?
Can you post the specifications of your hosting plan / server for us?
Do you use server side scripting of any sort?
What type of database if so?
What forum software did you use?
Are you familiar with SSH and does your host allow it?
Are you sure you aren't infected with any backdoors that would sniff your FTP password?
Have you run Site Digger from Foundstone on your website?