Re: OT: Website Exploits

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MLisa Kachold at <-
MJD Austin at ->
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: keith smith
Date:  
To: Main PLUG discussion list
Subject: Re: OT: Website Exploits

Hi Joshua,

I was hoping to find a place I could report these attempted exploits.  Something like the spam email RBL's.  If it does not exist, I wonder why.

I do appreciate everyones input on how to secure our server and our code.


------------------------
Keith Smith




--- On Wed, 12/3/08, Joshua Zeidner <> wrote:
From: Joshua Zeidner <>
Subject: Re: OT: Website Exploits
To: , "Main PLUG discussion list" <>
Date: Wednesday, December 3, 2008, 6:23 PM


   Am I the only one who noticed that you *did not* ask how to secure your site?  ;)

   -jmz

On Wed, Dec 3, 2008 at 6:17 PM, keith smith <> wrote:



It is a custom site.  Basically one page does it all.  Depending on what parameters/arguments are used in the URL will depend on what content is displayed.  I setup a switch to test the URL parameters against know values.  If no know value is entered to defaults to the 404 page. 


I'm thinking that is pretty secure.


------------------------
Keith Smith



--- On Wed, 12/3/08, Lisa Kachold <> wrote:

From: Lisa Kachold <>
Subject: RE: OT: Website Exploits

To: ,
Date: Wednesday, December 3, 2008, 5:14 PM





What index.php are you using?  Is this WordPress?
http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00030.html

There are many php exploits:  http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00031.html


www.Obnosis.comhttp://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
Catch the January PLUG HackFest!   Kristy Westphal, CSO for the Arizona Department of Economic
Security will provide a one hour
presentation on forensics.

Date: Wed, 3 Dec 2008 14:57:35 -0800
From:
Subject: Re: OT: Website Exploits
To:




Thank you for the heads up on mod_security.  I'm not sure if that is installed or not.

Thanks again!


------------------------
Keith Smith


--- On Wed, 12/3/08, JD Austin <> wrote:

From: JD Austin <>
Subject: Re: OT: Website Exploits
To: , "Main PLUG discussion
list" <>
Date: Wednesday, December 3, 2008, 3:48 PM

That is a fairly common tactic. 

It exploits poor input validation and register globals in PHP.
Do yourself a huge favor and install mod_security (I assume you're using apache?)
as an extra measure of
security if you haven't already.



On Wed, Dec 3, 2008 at 3:39 PM, keith smith <> wrote:




Hi,

I am working on a website that gets a lot of exploit attempts.

They mostly look like this:  /index.php?display=http://humano.ya.com/mysons/index.htm?



Our code is set to disregard any value that is not expected. 

I'm wondering if there is a clearing house for reporting this type of stuff.  I have the IP address as reported.... if that is accurate.



Thanks in advance!

Keith








---------------------------------------------------

PLUG-discuss mailing list -

To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Send e-mail anywhere. No map, no compass. Get your Hotmail® account now.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



---------------------------------------------------

PLUG-discuss mailing list -

To subscribe, unsubscribe, or to change your mail settings:

http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: PostgreSQL vs. MySQL, was: MySQL premium services?Re: PostgreSQL vs. MySQL, was: MySQL premium services?->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)