
BLU Discuss list archive



Site defaced - what next?



My site was owned and defaced.  It looks like the MediaWiki script that 
I recently installed to create a free-software community may have opened 
the 'door' to the site being compromised.  This is unconfirmed, however.

With the little investigation that I've had time to do, it looks like 
the cracker may have used a wiki script that I have to open an 'image' 
or remote file that was actually a PHP script which, in combination with 
allow_url_fopen, would allow arbitrary code to be executed on the host.  
In turn, the 'image' (a shell creation script) was used to rewrite 
directories and files.  The homepage itself is just a plain (Microsoft 
FrontPage) htm file.

Anyway, there isn't a significant financial loss involved in this; it is 
more a nuisance since my site is informational.  But still, my question 
to the group is what, if anything, should be done to hunt down the 
script-kiddie who defaced the page.  Is there any regulatory body that 
ISPs report these incidents to?

I contacted my ISP, and I downloaded a copy of the site to do my own 
local forensic investigation.

P.S. This is not in any way connected to running a CVS pserver -- an 
earlier thread discussed the vulnerabilities therein.

-- 
FREePHILE
We are 'Open' for Business
Free and Open Source Software
http://www.freephile.com
(978) 270-2425
If you are smart enough to know that you're not smart enough to be an
Engineer, then you're in Business.
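
Added example, not part of the original message: one check that could be run over a downloaded copy of a site to find files with image extensions that carry PHP, the kind of 'image' the message describes. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Well-known leading bytes (file signatures) of common image formats.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
}

def inspect_file(path):
    """Return findings for one file; non-image extensions are skipped."""
    magics = IMAGE_MAGIC.get(path.suffix.lower())
    if magics is None:
        return []
    data = path.read_bytes()
    findings = []
    if not data.startswith(magics):
        findings.append("header does not match extension")
    # A valid image header does not rule out PHP embedded later in the file.
    if b"<?php" in data.lower():
        findings.append("contains PHP open tag")
    return findings

def scan_site_copy(root):
    """Walk the site copy and map relative path -> list of findings."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        findings = inspect_file(path) if path.is_file() else []
        if findings:
            report[path.relative_to(root).as_posix()] = findings
    return report

def build_sample_copy():
    """Constructed sample tree standing in for the downloaded site copy."""
    root = Path(tempfile.mkdtemp(prefix="site_copy_"))
    (root / "images").mkdir()
    samples = {
        "images/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "images/banner.gif": b"<?php /* constructed placeholder */ ?>",
        "images/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8 + b"<?php ?>",
        "index.htm": b"<html></html>",
    }
    for rel, data in samples.items():
        (root / rel).write_bytes(data)
    return root

if __name__ == "__main__":
    print(scan_site_copy(build_sample_copy()))
```

Run against a real copy with `scan_site_copy("/path/to/copy")`; a hit is a lead to examine alongside the web server's access logs, not proof of how the site was entered.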





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org