Thread: Web Security Resources

  1. #1
    Hood Rich FlashLackey's Avatar
    Join Date
    Aug 2006
    Posts
    148

    Web Security Resources

    Well. Someone hacked one of my sites. This time, it wasn't an exploit of 3rd party software but a break-in on a custom web page. So, this person knew what they were doing. I found some pre-developed hacker tools installed onto the web location that pretty much gave them carte blanche to do anything possible.

    The main problem I have now is in determining how they broke in / where the vulnerability is. I'm pretty sure I had the basics covered (SQL Injection, password includes as .php, etc.).

    Does anyone have any links to a good resource for developers that covers standard exploits and how to prevent them?
    "We don't estimate speeches." - CBO Director Doug Elmendorf

  2. #2
    supervillain gerbick's Avatar
    Join Date
    Jul 2000
    Location
    undecided.
    Posts
    18,986
    It matters on the hack/intrusion device used. Some hacks now are XSS based and it's odd trying to avoid those hacks. I remember when I had my site(s) hacked, backdoored by one page that allowed them to write down to the filesystem by way of buffer overflow. Didn't see that one coming.

    I'll see what I can dredge up. There were a few sites that I used to hit, but it's been a while. I can't remember, but one had "eye" in it. I just can't remember the damn site.

    [ Hello ] | [ gerbick ] | [ Ω ]

  3. #3
    Senior Member random25's Avatar
    Join Date
    Apr 2002
    Posts
    566
    One of the sites I run was hacked by someone in Turkey last month using a WebDAV exploit.

    These files were placed on the server:
    a.htm
    default.cfm
    default.htm
    default.html
    default.swf
    GeertWilders.htm
    index.cfm
    index.htm
    index.html
    index.swf

    Luckily I don't use any of these default file names in my sites, so the site never changed. I just happened to notice that there were new files on the server that I did not create.


    These entries were in the web logs:
    2008-05-20 16:30:37 W3SVC29518 WIN104 66.36.182.11 PUT /index.cfm - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 329 2998 734

    2008-05-20 16:30:42 W3SVC29518 WIN104 66.36.182.11 PUT /index.htm - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 329 2998 531

    2008-05-20 16:30:45 W3SVC29518 WIN104 66.36.182.11 PUT /index.html - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 330 2999 546

    2008-05-20 16:31:05 W3SVC29518 WIN104 66.36.182.11 PUT /default.htm - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 331 3000 593

    2008-05-20 16:31:07 W3SVC29518 WIN104 66.36.182.11 PUT /default.html - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 332 3001 562

    2008-05-20 16:31:11 W3SVC29518 WIN104 66.36.182.11 PUT /default.cfm - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 331 3000 593

    2008-05-20 16:31:32 W3SVC29518 WIN104 66.36.182.11 PUT /default.swf - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 331 3000 500

    2008-05-20 16:31:37 W3SVC29518 WIN104 66.36.182.11 PUT /index.swf - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 329 2998 515

    2008-05-20 16:32:08 W3SVC29518 WIN104 66.36.182.11 PUT /GeertWilders.htm - 80 - 88.224.71.15 HTTP/1.0 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 - - www.website.com 201 0 0 336 3005 500

    If you want to make an apple pie from scratch, you must first create the universe. Carl Sagan
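
Added example, not part of any post in this thread: a check for the pattern visible in the log entries above, namely write-method requests that the server answered with a 2xx status, grouped by client IP. The sample log, its addresses and paths are constructed, and the column names are read from the `#Fields:` header of the W3C extended log rather than assumed.

```python
from collections import defaultdict

# HTTP/WebDAV methods that create, change or remove content on the server.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}

# Constructed sample (documentation IP ranges, made-up paths), not the poster's log.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2024-01-15 10:00:01 192.0.2.10 GET /index.htm - 203.0.113.7 Mozilla/5.0 200
2024-01-15 10:00:05 192.0.2.10 PROPFIND / - 198.51.100.23 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 207
2024-01-15 10:00:07 192.0.2.10 PUT /index.htm - 198.51.100.23 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 201
2024-01-15 10:00:09 192.0.2.10 PUT /default.swf - 198.51.100.23 Microsoft+Data+Access+Internet+Publishing+Provider+DAV+1.2 201
2024-01-15 10:02:00 192.0.2.10 PUT /upload.htm - 198.51.100.99 curl/8.0 403
2024-01-15 10:05:00 192.0.2.10 PUT /docs/report.htm editor 192.0.2.50 Mozilla/5.0 201
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or wrapped lines
                yield dict(zip(fields, values))

def successful_writes(text):
    """Map client IP -> [(path, anonymous?)] for write requests answered with 2xx."""
    hits = defaultdict(list)
    for row in parse_w3c(text):
        is_write = row["cs-method"].upper() in WRITE_METHODS
        if is_write and row["sc-status"].startswith("2"):
            anonymous = row["cs-username"] == "-"
            hits[row["c-ip"]].append((row["cs-uri-stem"], anonymous))
    return dict(hits)

if __name__ == "__main__":
    for ip, writes in successful_writes(SAMPLE_LOG).items():
        for path, anonymous in writes:
            who = "anonymous" if anonymous else "authenticated"
            print(f"{ip} wrote {path} ({who})")
```

Anonymous hits are the ones to investigate first: a 201 on a PUT with no username means the server accepted a file from an unauthenticated client, so WebDAV write access on that site should be disabled or restricted to authenticated users.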

  4. #4
    Hood Rich FlashLackey's Avatar
    Join Date
    Aug 2006
    Posts
    148
    Thank you. Any leads to a good resource would be appreciated. I've tried googling but I seem to keep ending up on little articles, etc. It just seems like there must be a more comprehensive resource somewhere. Maybe not.

    To clarify what happened to me, the hacker had installed a couple of files called "indx.php" and "ind5.php" that were basically FTP UIs with a bunch of additional commands for dumping databases and other bad things. Anyone familiar with those files/systems and how they could be planted? They are in English and Russian, and there are references to some Russian sites in the code, etc.
    "We don't estimate speeches." - CBO Director Doug Elmendorf

  5. #5
    supervillain gerbick's Avatar
    Join Date
    Jul 2000
    Location
    undecided.
    Posts
    18,986
    Did you use an older version of PHP Mailer or PHPizapi?

    [ Hello ] | [ gerbick ] | [ Ω ]

  6. #6
    Hood Rich FlashLackey's Avatar
    Join Date
    Aug 2006
    Posts
    148
    No. I've never used those.
    "We don't estimate speeches." - CBO Director Doug Elmendorf
