Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: Hacked by aLpTurkTegin, help patching this hole
From: Danux <danuxx () gmail com>
Date: Thu, 22 May 2008 11:45:45 -0500
Hi,

Well, when using, php apps, its common to find flaws related to what
is called LFI (Local File Inclusion), there are a lot of cases in
phpmyadmin, mambo, joomla, so on, also if you have your own
applications written in php you should try to avoid this.

There are a lot of flaws related to PHP, and as i mentioned if you
have LFI bugs, its almost a fact that your site will be hacked.
Try to see in your error_log from apache if there is php code inserted
into it. its common to insert things like <?
stripslashes(passthru($cmd)) ?> to bypass magic_quotes_gpc

But, the best thing to do is to analyze your sites with some tools
like Acunetix, nikto, code review  and patch all bugs founded.

Hope this helps.


On Tue, May 20, 2008 at 7:46 AM, Mifa <mifa () stangercorp com> wrote:

Our website was defaced by aLpTurkTegin.  We are running apache, php ect.  Does anyone know how this hacker is 
getting in and what I can do to prevent this?

Our main web directory had all but one file deleted and hackedIndex.php, a.asp(a 0 byte file) and trustscn_put_test2 
were placed into the main directory.  The fact that the webserver served hackedindex.php makes me think its a apache 
web server flaw.

Any comments, suggestions?
Thanks, -D

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------






-- 
Danux, CISSP, OSCP, ISO27001
Offensive Security Consultant
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]