Re: [WEB SECURITY] Fwd: hi, need help
- From: "Stephan Wehner" <stephanwehner@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] Fwd: hi, need help
- Date: Thu, 13 Nov 2008 09:40:24 -0800
This happened to me a few years ago.
Not knowing what happened to my pages, I disconnected the server from
the network and scanned the logs. I found several PUT and DELETE
entries and realized that I had configured Apache to support PUT and
DELETE, but for host names other than those I had intended. It turned out
they could have wiped out a lot more than they did. It's also pretty
easy for them: just scan the web for servers that accept PUT / DELETE.
I verified with a little script that PUTs and DELETEs in fact went
through, then changed the Apache configuration, and checked that the
script couldn't make any more changes. At this point it wasn't clear
whether there were other holes, but now I feel comfortable that the
misconfiguration was responsible.
If you don't have backups (I did), maybe the Google cache can help, or
the Internet Archive, www.archive.org.
Fixing the Apache configuration wasn't that hard; not sure what server
you are using.
Good luck!
Stephan
On Thu, Nov 13, 2008 at 12:52 AM, Dhiraj Mahajan
<dhirajsmahajan@xxxxxxxxx> wrote:
> Some hacker has hacked my website (displaying "hacked by turkish
> hacker"). Now what should I do to retrieve my
> original website? So please guide me how to get rid of that.
>
> --
>
>
> Thanks & Regards,
>
>
> Dhiraj S Mahajan,
>
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>
--
Stephan Wehner
-> http://stephan.sugarmotor.org
-> http://www.thrackle.org
-> http://www.buckmaster.ca
-> http://www.trafficlife.com
-> http://stephansmap.org
Brought to you by http://www.webappsec.org
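
The log review described in the reply above can be automated. The following is an added example, not the poster's script: it assumes access logs in Apache's `vhost_combined` layout (`%v:%p %h %l %u %t "%r" %>s %O`), and the hostnames, addresses and log lines are constructed samples.

```python
import re
from collections import Counter

# Assumed log layout (not stated in the thread): "vhost_combined",
#   %v:%p %h %l %u %t "%r" %>s %O
LINE_RE = re.compile(
    r'^(?P<vhost>\S+?):(?P<port>\d+) (?P<client>\S+) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) '
)
WRITE_METHODS = {"PUT", "DELETE"}

# Constructed sample lines (documentation addresses, example hostnames).
SAMPLE_LOG = """\
www.example.org:80 192.0.2.10 - - [12/Nov/2008:03:14:07 -0800] "GET /index.html HTTP/1.1" 200 5120
dav.example.org:80 198.51.100.7 - editor [12/Nov/2008:03:15:00 -0800] "PUT /docs/a.txt HTTP/1.1" 201 0
www.example.org:80 203.0.113.5 - - [12/Nov/2008:03:16:41 -0800] "PUT /index.html HTTP/1.1" 204 0
www.example.org:80 203.0.113.5 - - [12/Nov/2008:03:16:43 -0800] "DELETE /about.html HTTP/1.1" 204 0
www.example.org:80 203.0.113.9 - - [12/Nov/2008:03:20:02 -0800] "PUT /x.html HTTP/1.1" 405 312
this line is malformed and is skipped
"""

def find_accepted_writes(log_text, allowed_vhosts):
    """Return successful PUT/DELETE requests to vhosts that should not accept them."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] not in WRITE_METHODS:
            continue
        status = int(m["status"])
        # 2xx means the server carried out the write; 4xx/5xx means it refused.
        if 200 <= status < 300 and m["vhost"].lower() not in allowed_vhosts:
            hits.append((m["vhost"], m["client"], m["method"], m["path"], status))
    return hits

def summarize(hits):
    """Count accepted writes per (vhost, client) to show which hosts are exposed."""
    return Counter((vhost, client) for vhost, client, *_ in hits)

if __name__ == "__main__":
    # Only dav.example.org is meant to accept PUT and DELETE in this sample.
    for hit in find_accepted_writes(SAMPLE_LOG, {"dav.example.org"}):
        print(*hit)
```

Any hit means a write method succeeded on a host name where it was never intended to be enabled; the paths in the hits are the files to restore from backup.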