My site was owned and defaced. It looks like the MediaWiki script that I recently installed to create a free-software community may have opened the 'door' to the site being compromised. This is unconfirmed, however.

With the little investigation that I've had time to do, it looks like the cracker may have used a wiki script that I have to open an 'image' or remote file that was actually a PHP script, which in combination with allow_url_fopen would allow arbitrary code to be executed on the host. In turn, the 'image' (a shell creation script) was used to rewrite directories and files. The homepage itself is just a plain (Microsoft Frontpage) htm file.

Anyway, there isn't a significant financial loss involved in this; it is more a nuisance since my site is informational. But still, my question to the group is what, if anything, should be done to hunt down the script-kiddie who defaced the page. Is there any regulatory body that ISPs report these incidents to? I contacted my ISP, and I downloaded a copy of the site to do my own local forensic investigation.

P.S. This is not in any way connected to running a CVS pserver -- an earlier thread discussed the vulnerabilities therein.

--
FREePHILE
We are 'Open' for Business
Free and Open Source Software
http://www.freephile.com
(978) 270-2425
If you are smart enough to know that you're not smart enough to be an Engineer, then you're in Business.
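An added example, not part of the original post: one way to start the local forensic pass described above is to scan the web server's access log for requests whose query parameters carry a remote URL, which is the request shape a remote include through allow_url_fopen depends on. It assumes Apache combined log format; the script name `view.php`, the parameter `img`, the addresses and the timestamps are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/NCSA combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A parameter value that is itself a URL is what a remote include needs.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)


def remote_params(target):
    """Return [(name, value)] for query parameters whose value is a remote URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if REMOTE_RE.match(value) or REMOTE_RE.match(unquote(value)):
            hits.append((name, value))
    return hits


def scan(lines):
    """Map client host -> list of (time, status, path, param, value) findings."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        for name, value in remote_params(m["target"]):
            path = urlsplit(m["target"]).path
            findings[m["host"]].append((m["time"], int(m["status"]), path, name, value))
    return dict(findings)


# Constructed sample log lines (documentation addresses, hypothetical script names).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 -0500] "GET /wiki/index.php?title=Main_Page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2006:10:05:12 -0500] "GET /wiki/view.php?img=http%3A%2F%2Fremote.example%2Fpic.gif HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [01/Jan/2006:10:05:40 -0500] "GET /wiki/view.php?img=http%253A%252F%252Fremote.example%252Fpic.gif HTTP/1.1" 200 298 "-" "-"',
    '192.0.2.10 - - [01/Jan/2006:10:06:00 -0500] "GET /wiki/index.php?title=http HTTP/1.1" 200 4000 "-" "-"',
]

if __name__ == "__main__":
    for host, rows in scan(SAMPLE).items():
        for row in rows:
            print(host, *row)
```

Findings grouped by client host, with their timestamps, give a starting timeline to compare against file modification times in the downloaded copy of the site and to hand to the ISP.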
BLU is a member of BostonUserGroups.
We also thank MIT for the use of their facilities.