Security against website defacement?
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Security against website defacement?

  1. #1
    Junior Member
    Join Date
    Mar 2003
    Posts
    22

    Security against website defacement?

    My site recently got defaced, I had the front page and basic site backed up, but the forums were totally deleted. How did this happen? They cracked the password for the ftp I'm guessing. But how did they do that? And what can I do to prevent that?

    Thanks.
    hi

  2. #2
    Junior Member
    Join Date
    Mar 2003
    Posts
    22
    I'm sorry, just realized I posted this in the wrong place.
    hi

  3. #3
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    They could've used any number of tools to figure out your OS (nmap comes to mind), then grabbed a bunch of exploits for that OS, then got in through any number of methods and went from there. Once they get in as root, they can su to any user that has db access (like postgres which is the default created user for PostgreSQL databases) and from there it's simply easy to dropdb the databases, exit out, delete the user (userdel/etc), then as root, delete the files in any number of filesystems and then worse, remove the filesystems, then reboot the box.

    But that's if someone's out for total system destruction. Doesn't sound like that's the case here. Sounds like they wanted to get in and muck with your web servers although I think they did get root because your webserver surely wouldn't be in control of your databases as well. Most defacers are out for public awareness (see www.thesmathers.com for where HIS site went, rofl) and not system destruction.

    EDIT: hey man, who negged you? Check your AP center and find out why...you simply did nothing but apologize for an incorrectly-placed post of which didn't bother me that much...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    For the Skiddie's benefit, I believe the proper thing to do if you have posted in an inappropriate forum is to PM a mod and ask them to move it for you.

    Don't worry about it Midnight, his handle is a good reflection of his intellect.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    MIDnightKAO > I moved your post, although the forum you had it in wasn't that bad a choice

  6. #6
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    Midnight, were you hosting your page or was someone else?

    If you weren't then who was?

    If you were then what OS were you running, what version of apache, did you patch it, what other services where you running, were you firewalled, did you give someone your password.........

    The easiest way to solve this kind of situation is to think to yourself "What would I do?"
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  7. #7
    Junior Member
    Join Date
    Mar 2003
    Posts
    22
    I use hostrocket for hosting. What does patching it mean? I'm pretty new to this so sorry for any inconvenience. lol.

    Thanks for the replies.
    hi

  8. #8
    Junior Member
    Join Date
    Mar 2003
    Posts
    22
    Isnt there a way I can allow only a certain IP to log into FTP or something like that?
    hi

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    If your sure that the person got in by guessing your FTP account's password (which your not) then make your password stronger. Change it and make it harder. Also, you say someone else is hosting your website? And speaking of the user who negged you, you could post his name here or you could alert Negative who it was and let him handle it.
    Space For Rent.. =]

  10. #10
    A few questions:

    Do you know how you were defaced?
    Can you post the specifications of your hosting plan / server for us?
    Do you use server side scripting of any sort?
    What type of database if so?

    What forum software did you use?

    Are you familiar with SSH and does your host allow it?
    Are you sure you aren't infected with any backdoors that would sniff your FTP password?
    Have you run Site Digger from Foundstone on your website?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •