Re: defaced websites and the like

From: Rob Simmons (rsimmons@wlcg.com)
Date: 04/26/01

• Next message: Chris Shenton: "Re: defaced websites and the like"
• Previous message: Raoul Schroeder: "Re: defaced websites and the like"
• In reply to: mudman: "defaced websites and the like"
• Next in thread: Chris Shenton: "Re: defaced websites and the like"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 25 Apr 2001 18:13:11 -0400 (EDT)
From: Rob Simmons <rsimmons@wlcg.com>
To: mudman <mudman@R181204.resnet.ucsb.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Most of the sites that are defaced are done so with the smallest of
effort. Usually sites are updated via ftp. Just sniff the ftp username
and password and you can violate to your heart's content.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Wed, 25 Apr 2001, mudman wrote:

>
> Every now and then you pick up a copy of the newspaper or you are on-line
> reading CNN.com or something and you hear about these "hackers" who broke
> into yada yada's website, or did this or that to NASA or the pentagon.
>
> Usually the article follows up with something like how they posted
> pornographic material or put some signature onto the site.
>
> Of course, what they never tell you is what was actually wrong with the
> systems that these things ocurred to (obviously major news sources may
> not be a good idea for getting your security information, hah!).
>
> Are these kind of attacks on httpd itself (Apache or otherwise) or are
> said "hackers" (heh heh) breaking in through other channels or services?
>
> Maybe as a good follow up, would using one OS over another OS change
> the risk assessment for this kind of thing? (although I admit this last
> question would take into account a lot of different variables)
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE650v7v8Bofna59hYRAwg7AJ9hsPkJ++0jfB9lmveJSscLIMCq5QCgn2ft
TXS9ul+v5S4uPQ9VxeOL9Dc=
=doFC
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Chris Shenton: "Re: defaced websites and the like"
• Previous message: Raoul Schroeder: "Re: defaced websites and the like"
• In reply to: mudman: "defaced websites and the like"
• Next in thread: Chris Shenton: "Re: defaced websites and the like"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: ftp ... :On Fri, 2 Feb 2001, Benjamin Ossei wrote: ... :> By default every user has rights to their own home directory. ... :>>> Im looking for a ftp client that will keep the user in there ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) Re: analysis of attack ?? ... > *Does the fact that the files were in the public ftp directory mean ... Which FTP server software are you using (proftpd and wu-ftpd are known ... The best things in life are free, ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) RE: ftpd question ... but i think that if you remove the ftp entry in ... If the user name is ``anonymous'' or ``ftp'', ... Is there a way to prevent anonymous users from uploading ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) RE: ftp ... all known bugs have been fixed. ... :Subject: RE: ftp ... :On Fri, 2 Feb 2001, Will Mitayai Keeso Rowe wrote: ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) RE: ftp ... :Subject: RE: ftp ... :Importance: High ... :On Fri, 2 Feb 2001, Will Mitayai Keeso Rowe wrote: ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint