Comments on: Yeap I got defaced http://www.shoemoney.com/2006/10/12/yeap-i-got-defaced/ Skills to Pay the Bills Thu, 09 Feb 2012 05:45:02 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Want Links? Have Your Site Hacked! | Xuru http://www.shoemoney.com/2006/10/12/yeap-i-got-defaced/#comment-45206 Want Links? Have Your Site Hacked! | Xuru Tue, 25 Dec 2007 22:54:37 +0000 http://new.shoemoney.com/?p=332#comment-45206 [...] Written by Jeremy Luebke on October 12, 2006 – 8:29 pm - Jeremy Shoemoney woke up to a big surprise. I feel for him. It happens to the best of us. I’m glad he was able to get everything back up [...] [...] Written by Jeremy Luebke on October 12, 2006 – 8:29 pm – Jeremy Shoemoney woke up to a big surprise. I feel for him. It happens to the best of us. I’m glad he was able to get everything back up [...]

]]> By: coop http://www.shoemoney.com/2006/10/12/yeap-i-got-defaced/#comment-5713 coop Wed, 11 Apr 2007 06:11:13 +0000 http://new.shoemoney.com/?p=332#comment-5713 dam... i didnt know there was that big of a vulnerability in phpbb dam… i didnt know there was that big of a vulnerability in phpbb

]]> By: Mike Mothner http://www.shoemoney.com/2006/10/12/yeap-i-got-defaced/#comment-5712 Mike Mothner Fri, 30 Mar 2007 23:57:10 +0000 http://new.shoemoney.com/?p=332#comment-5712 I guess looking at it positively, it's an honor to be worth defacing! I guess looking at it positively, it’s an honor to be worth defacing!

]]> By: » From Shoemoney.com - Yeap I got defaced - Best AdSense News http://www.shoemoney.com/2006/10/12/yeap-i-got-defaced/#comment-5711 » From Shoemoney.com - Yeap I got defaced - Best AdSense News Fri, 27 Oct 2006 01:22:00 +0000 http://new.shoemoney.com/?p=332#comment-5711 [...] inbetween 7am and 10am this morning the website looked like this: As soon as I saw it had been defaced I took the server off line (about 10am). Imaged it then had the drive reimaged with a fresh clean OS. Then I started to restore from tape backup. While restoring I went through the old logs […] Read more… [...] [...] inbetween 7am and 10am this morning the website looked like this: As soon as I saw it had been defaced I took the server off line (about 10am). Imaged it then had the drive reimaged with a fresh clean OS. Then I started to restore from tape backup. While restoring I went through the old logs […] Read more… [...]

]]> By: Richard Overvold http://www.shoemoney.com/2006/10/12/yeap-i-got-defaced/#comment-5710 Richard Overvold Mon, 23 Oct 2006 20:54:34 +0000 http://new.shoemoney.com/?p=332#comment-5710 Man, I heard he showed a defaced site to get attention. This true Shoe? ;) Man, I heard he showed a defaced site to get attention. This true Shoe? ;)

]]> By: Zeeshan http://www.shoemoney.com/2006/10/12/yeap-i-got-defaced/#comment-5709 Zeeshan Wed, 18 Oct 2006 20:37:45 +0000 http://new.shoemoney.com/?p=332#comment-5709 This type of attack could have been contained to only that specific Web site (your friends') if PHP was executed in such a fashion that it had to adhere to a non-Apache user and group. Often people run PHP via mod_php and therefore scripts inherit the UID/GUID of Apache, which is very unsafe, causing one script to be faulty and have all of the remaining sites get affected or have their private contents easily read (say database login information in a PHP configuration script). You can apply a patch to suexec to execute the PHP under CGI mode to get back security, or if you wish to get security and performance, use FastCGI, which exceeds the performance of mod_php while giving back application safety. View http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html for more information. Lighttpd, an alternative to Apache, has native support to run PHP via FastCGI and can be found at http://www.lighttpd.net/ . Good luck. This type of attack could have been contained to only that specific Web site (your friends’) if PHP was executed in such a fashion that it had to adhere to a non-Apache user and group.

Often people run PHP via mod_php and therefore scripts inherit the UID/GUID of Apache, which is very unsafe, causing one script to be faulty and have all of the remaining sites get affected or have their private contents easily read (say database login information in a PHP configuration script).

You can apply a patch to suexec to execute the PHP under CGI mode to get back security, or if you wish to get security and performance, use FastCGI, which exceeds the performance of mod_php while giving back application safety.

View http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html for more information. Lighttpd, an alternative to Apache, has native support to run PHP via FastCGI and can be found at http://www.lighttpd.net/ .

Good luck.

]]> By: » Shoemoney defaced http://www.shoemoney.com/2006/10/12/yeap-i-got-defaced/#comment-5708 » Shoemoney defaced Wed, 18 Oct 2006 14:20:26 +0000 http://new.shoemoney.com/?p=332#comment-5708 [...] The attacker exploited a known phpbb2 vulnerability, running on a website Shoemoney was hosting for a friend, as Shoe is commenting the situation on shoemoney.com. Fortunately the attacker just replaced the index-page. You may take a look on this defacement screenshot of Shoemoney´s Blog taken by visitors [...] [...] The attacker exploited a known phpbb2 vulnerability, running on a website Shoemoney was hosting for a friend, as Shoe is commenting the situation on shoemoney.com. Fortunately the attacker just replaced the index-page. You may take a look on this defacement screenshot of Shoemoney´s Blog taken by visitors [...]

]]>