Re: [LUG] Apache security flaw - my website cracked

["Ben Goodger" <goodgerster@xxxxxxxxx>]

On 19/07/06, Ed Rackham <ed@xxxxxxxxxxxxxxx> wrote:

Whats your friend's site address? I'll pen test it for you later to see how easy it was to hack.

 

As for legalities, it's illegal in England to gain access to one's restricted web files. Then again, others argue that if it's open for attack, it's not illegal as the doorway was always open.

It wasn't DDOSed, it was cracked into and changed. That is very illegal indeed and I know who did it or ordered the attack, hooray. Hopefully the logs will show what happened in greater detail.

http://dev.shaunevans.co.uk/ben/

The /wordpress bit was the bit hacked, but I don't have FTP access to it so I can't tell whether the data was overridden.. was it?

You can prevent common exploits by keeping your server up-to-date as well as ensuring the code you use is secure.

Apache 2.0.54 with custom patches on FC5 or FC2, can't remember which.

-- 
Ben Goodger
#391382
---------------------

Mi admiras religiajn; ili estas fine ebliĝinta solvi la maljunegan demandon "kiel oni povas vivi sencerbe?".
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html