|
Full Disclosure
mailing list archives
Re: what is this?
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 14 Jan 2008 18:15:50 +0300
Dear Nick FitzGerald,
--Monday, January 14, 2008, 2:52:23 PM, you wrote to full-disclosure () lists grok org uk:
NF> Ummmm -- the only part of that likely to be relevant here is the last.
NF> These kinds of web page "compromises" are typically achieved through
NF> bad/ill-configured/non-updated server-side web applications (or
NF> their underlying script engines) and are typically achieved without
NF> requiring any more special or privileged access to the victim sites
NF> than the ability to run a clever Google search or your own
NF> brute-force spidering via a bot-net, etc.
During last few months, we monitor mass infection attempts through
stollen FTP passwords.
Yes, web exploitation scenario is also possible. These are automated
exploitation requests received during a single day:
http://securityvulns.com/files/exprequests.txt
In this case there is a quick workaround (and also a good security
practice) of disabling write access for web server account. Of cause,
investigation is required anyway.
--
~/ZARAZA http://securityvulns.com/
Всегда будем рады послушать ваше чириканье (Твен)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
(Thread continues...)
|
