« Return to Thread: Hacked by aLpTurkTegin, help patching this hole
Re: Hacked by aLpTurkTegin, help patching this hole
by Danux
::
Rate this Message:
Hi,
Well, when using, php apps, its common to find flaws related to what
is called LFI (Local File Inclusion), there are a lot of cases in
phpmyadmin, mambo, joomla, so on, also if you have your own
applications written in php you should try to avoid this.
There are a lot of flaws related to PHP, and as i mentioned if you
have LFI bugs, its almost a fact that your site will be hacked.
Try to see in your error_log from apache if there is php code inserted
into it. its common to insert things like <?
stripslashes(passthru($cmd)) ?> to bypass magic_quotes_gpc
But, the best thing to do is to analyze your sites with some tools
like Acunetix, nikto, code review and patch all bugs founded.
Hope this helps.
On Tue, May 20, 2008 at 7:46 AM, Mifa <mifa@...> wrote:
> Our website was defaced by aLpTurkTegin. We are running apache, php ect. Does anyone know how this hacker is getting in and what I can do to prevent this?
>
> Our main web directory had all but one file deleted and hackedIndex.php, a.asp(a 0 byte file) and trustscn_put_test2 were placed into the main directory. The fact that the webserver served hackedindex.php makes me think its a apache web server flaw.
>
> Any comments, suggestions?
> Thanks, -D
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes
> in Securing Web Applications
> Find out now! Get Webinar Recording and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
--
Danux, CISSP, OSCP, ISO27001
Offensive Security Consultant
Macula Security Consulting Group
www.macula-group.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Well, when using, php apps, its common to find flaws related to what
is called LFI (Local File Inclusion), there are a lot of cases in
phpmyadmin, mambo, joomla, so on, also if you have your own
applications written in php you should try to avoid this.
There are a lot of flaws related to PHP, and as i mentioned if you
have LFI bugs, its almost a fact that your site will be hacked.
Try to see in your error_log from apache if there is php code inserted
into it. its common to insert things like <?
stripslashes(passthru($cmd)) ?> to bypass magic_quotes_gpc
But, the best thing to do is to analyze your sites with some tools
like Acunetix, nikto, code review and patch all bugs founded.
Hope this helps.
On Tue, May 20, 2008 at 7:46 AM, Mifa <mifa@...> wrote:
> Our website was defaced by aLpTurkTegin. We are running apache, php ect. Does anyone know how this hacker is getting in and what I can do to prevent this?
>
> Our main web directory had all but one file deleted and hackedIndex.php, a.asp(a 0 byte file) and trustscn_put_test2 were placed into the main directory. The fact that the webserver served hackedindex.php makes me think its a apache web server flaw.
>
> Any comments, suggestions?
> Thanks, -D
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes
> in Securing Web Applications
> Find out now! Get Webinar Recording and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
--
Danux, CISSP, OSCP, ISO27001
Offensive Security Consultant
Macula Security Consulting Group
www.macula-group.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
« Return to Thread: Hacked by aLpTurkTegin, help patching this hole
| Free embeddable forum powered by Nabble | Forum Help |
