l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2010 Jan 26 19:34

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] my site was hacked
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] my site was hacked



You can alter a site's home page (or do more) with types of injection.
:( This random article has pictures of an example:

http://www.technicalinfo.net/papers/CSS.html
(See: Putting It All Together)

So depending on the site's places of 'input' - (search boxes, comment
boxes, even the address bar can be used) it is possible to inject code
and potentially do whatever you want.

Depending on the situation it may or may not be a security problem of
the hosting company but could be a vulnerability in a specific site's
code. Especially with PHP. PHP calendars, guestbooks, blogs, etc are
constant targets.

If this was an injection, and if you have access to the apache logs
you can see what exact ip address made the injection, and such. Look
for POST in the logs. A lot of times hackers will try again and again
for several days (weeks) posting random scripts until they get it. So
there can be a long track record recorded in the apache logs.

On Tue, Jan 26, 2010 at 04:31, Hai Yi <yihai2004@gmail.com> wrote:
> Gandalf: Thank you for the detailed explaination, I'll read it again.
> I checked my pages, only index.html was replaced, what really upset me
> is that now it's 48 hours after I sent the request to the ISP, still
> no response; I can understand now hacking does happend and I can fix
> the problem myself, but their services disappoint me.

-- 
Scott
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.