Re: Web Server Hacked

["Timothy Ouellette" <touellette83 () gmail com>]

I'm more interested in the attack vector than the actual hack... anyone know how the files actually got replaced? Any 
chance your both running the same version of IIS or Apache? Or possibly similar ports available on webservers etc..
  ----- Original Message ----- 
  From: Ariany Mizrahi 
  To: PaulDotCom Security Weekly Mailing List 
  Sent: Thursday, January 20, 2011 7:46 PM
  Subject: Re: [Pauldotcom] Web Server Hacked


  We actually just had one of our web servers hacked yesterday around 6:50am.  index.asp was replaced.



  Cheers,

  Ari
  http://www.securityoverflow.net



  On Thu, Jan 20, 2011 at 6:53 PM, Mike Smith <ranger.rkm () gmail com> wrote:

    Hello,

    I would like to know if anyone  has had a web server attacked using these files.

    1) default.asp
    2) index.asp
    3) main.asp
    4)shell.asp

    I have file 1,2,3, but not 4, I do not know if it was successfully uploaded, then deleted.

    Thanks,

    Mike

    _______________________________________________
    Pauldotcom mailing list
    Pauldotcom () mail pauldotcom com
    http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
    Main Web Site: http://pauldotcom.com





------------------------------------------------------------------------------


  _______________________________________________
  Pauldotcom mailing list
  Pauldotcom () mail pauldotcom com
  http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
  Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com