Penetration Testing mailing list archives
Re: Hacked by aLpTurkTegin, help patching this hole
From: Danux <danuxx () gmail com>
Date: Thu, 22 May 2008 11:45:45 -0500
Hi, Well, when using, php apps, its common to find flaws related to what is called LFI (Local File Inclusion), there are a lot of cases in phpmyadmin, mambo, joomla, so on, also if you have your own applications written in php you should try to avoid this. There are a lot of flaws related to PHP, and as i mentioned if you have LFI bugs, its almost a fact that your site will be hacked. Try to see in your error_log from apache if there is php code inserted into it. its common to insert things like <? stripslashes(passthru($cmd)) ?> to bypass magic_quotes_gpc But, the best thing to do is to analyze your sites with some tools like Acunetix, nikto, code review and patch all bugs founded. Hope this helps. On Tue, May 20, 2008 at 7:46 AM, Mifa <mifa () stangercorp com> wrote:
Our website was defaced by aLpTurkTegin. We are running apache, php ect. Does anyone know how this hacker is getting in and what I can do to prevent this? Our main web directory had all but one file deleted and hackedIndex.php, a.asp(a 0 byte file) and trustscn_put_test2 were placed into the main directory. The fact that the webserver served hackedindex.php makes me think its a apache web server flaw. Any comments, suggestions? Thanks, -D ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
-- Danux, CISSP, OSCP, ISO27001 Offensive Security Consultant Macula Security Consulting Group www.macula-group.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Hacked by aLpTurkTegin, help patching this hole Mifa (May 21)
- Re: Hacked by aLpTurkTegin, help patching this hole Jay D. Dyson (May 22)
- Re: Hacked by aLpTurkTegin, help patching this hole Utmost Bastard (May 22)
- Re: Hacked by aLpTurkTegin, help patching this hole Morning Wood (May 22)
- Re: Hacked by aLpTurkTegin, help patching this hole Danux (May 22)
- Re: Hacked by aLpTurkTegin, help patching this hole yummy (May 26)