D&C GLug - Home Page


Re: [LUG] Apache security flaw - my website cracked

 


 
-----Original Message-----
From: list-bounces@xxxxxxxxxxxxx [mailto:list-bounces@xxxxxxxxxxxxx] On Behalf Of Ben Goodger
Sent: 19 July 2006 13:23
To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] Apache security flaw - my website cracked

On 19/07/06, Ed Rackham <ed@xxxxxxxxxxxxxxx> wrote:
What's your friend's site address? I'll pen test it for you later to see how easy it was to hack.
 
As for legalities, it's illegal in England to gain access to one's restricted web files. Then again, others argue that if it's open for attack, it's not illegal as the doorway was always open.

It wasn't DDOSed, it was cracked into and changed. That is very illegal indeed and I know who did it or ordered the attack, hooray. Hopefully the logs will show what happened in greater detail.
[Ed Rackham] Yeah, the logs usually show some juicy stuff up ^_^

http://dev.shaunevans.co.uk/ben/

The /wordpress bit was the bit hacked, but I don't have FTP access to it so I can't tell whether the data was overridden.. was it?
[Ed Rackham] Ahh... web applications. WordPress has a few known exploits. Web applications (WordPress, phpBB etc...) are all well known for having common exploits out there for use against them. A simple search on www.securityfocus.com or www.packetstormsecurity.com will provide a few scripts to use.

You can prevent common exploits by keeping your server up-to-date as well as ensuring the code you use is secure.

Apache 2.0.54 with custom patches on FC5 or FC2, can't remember which.
[Ed Rackham] Like I said above, the web applications also need keeping up-to-date.

--
Ben Goodger
#391382
---------------------

I admire the religious; they have finally become able to solve the ancient question "how can one live brainlessly?".
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html