Folks,

> The web site had a major security hole and someone walked right up
> and said "boo". We were lucky.

Yup, and someone finally accessed it. Web sites get bombarded by rogue "war dialer" type programs from hackers that look for vulnerabilities. They send Telnet, FTP and HTTP requests on all sorts of ports to see if there is one open for them. I know, we have Intrusion Detection Systems on the Internet portals at work. About every 3-5 minutes we get notification that we are getting hit.

> Since the damage was really tiny, this would not
> likely happen.

How does anyone know the extent of the damage? Do we have any logs on the intruder's activities and steps? Doubt it! We don't know what else he (or she) has done with our web site. Do we know how the intrusion occurred? Do we know what exposure and vulnerability is there? Has anyone assessed our server and web site for vulnerabilities? Have we run an electronic scan such as Internet Security Scanner to discover all of our vulnerabilities? Have the vulnerabilities been fixed or mitigated? The answers, my friends, are blowing in the wind... If one joker out there hacked us he will probably brag, or some other hacker can also find our hole(s) and keep on afflicting us. The mentality of these hackers is for the prestige of bragging about it to their moronic friends.

> On top of which the intruder has posted an apology, a promise to
> fix the site tomorrow, and the address of the proper Vanagon root page
> (http://www.vanagon.com/indexoriginal.html). Clearly a young man,
> judgment perhaps a bit shaky, but definitely not one of the bad guys.

Anyone who hacks is a bad guy (or gal)! Make no mistake about it.

Joel Cort
Application Security Architect
Xerox Corporation
and owner of an 89 Syncro Westy
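The message above describes what an Intrusion Detection System flags when scanners probe many ports looking for an open Telnet, FTP or HTTP service, and then asks whether any logs of the intruder's activity exist. The following is an added example, not part of the original message or the Vanagon site, showing the kind of check such an IDS performs: it parses constructed firewall-style log lines (the addresses, timestamps and format are made up for illustration) and flags any source that touches an unusual number of distinct destination ports within a short window. The log format, field names and thresholds are assumptions; adapt the regular expression to whatever your firewall or web server actually writes.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in a simple firewall-style format (not real data).
# One source hits six different ports in a few seconds; the others are ordinary traffic.
SAMPLE_LOG = """\
2001-11-12 03:14:01 DROP src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=21
2001-11-12 03:14:02 DROP src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=23
2001-11-12 03:14:02 DROP src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=80
2001-11-12 03:14:03 DROP src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=8080
2001-11-12 03:14:03 DROP src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=443
2001-11-12 03:14:04 DROP src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=22
2001-11-12 03:15:10 ACCEPT src=192.0.2.44 dst=203.0.113.10 proto=tcp dport=80
2001-11-12 03:16:30 ACCEPT src=192.0.2.44 dst=203.0.113.10 proto=tcp dport=80
2001-11-12 03:40:00 DROP src=192.0.2.99 dst=203.0.113.10 proto=tcp dport=23
2001-11-12 04:10:00 DROP src=192.0.2.99 dst=203.0.113.10 proto=tcp dport=21
"""

# Assumed log line layout: timestamp, action, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

EPOCH = datetime(1970, 1, 1)  # used for time bucketing without any timezone dependency


def parse_log(text):
    """Parse log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "action": m.group("action"),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "proto": m.group("proto"),
            "dport": int(m.group("dport")),
        })
    return events


def detect_port_sweeps(events, window_seconds=60, min_ports=5):
    """Flag each source that contacts at least min_ports distinct destination ports
    within one fixed time bucket of window_seconds. Returns alerts in time order."""
    ports_seen = defaultdict(set)   # (src, bucket) -> set of destination ports
    first_seen = {}                 # (src, bucket) -> timestamp of first event in bucket
    for e in events:
        bucket = int((e["ts"] - EPOCH).total_seconds()) // window_seconds
        key = (e["src"], bucket)
        ports_seen[key].add(e["dport"])
        first_seen.setdefault(key, e["ts"])

    alerts = []
    for key, ports in sorted(ports_seen.items(), key=lambda kv: first_seen[kv[0]]):
        if len(ports) >= min_ports:
            alerts.append({
                "src": key[0],
                "first_seen": first_seen[key],
                "ports": sorted(ports),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_port_sweeps(parse_log(SAMPLE_LOG)):
        print(f"{alert['first_seen']} possible port sweep from {alert['src']}: "
              f"ports {alert['ports']}")
```

Fixed one-minute buckets keep the logic short, but a probe that straddles a bucket boundary can be split across two buckets and fall under the threshold; lowering `min_ports` or switching to a sliding window closes that gap at the cost of more state. Whatever the detector, the alert is only useful alongside the retained raw log, which is exactly the record the message says was missing for this intrusion.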
The vanagon mailing list archives are copyright (c) 1994-2011, and may not be reproduced without the express written permission of the list administrators. Posting messages to this mailing list grants a license to the mailing list administrators to reproduce the message in a compilation, either printed or electronic. All compilations will be not-for-profit, with any excess proceeds going to the Vanagon mailing list.
Any profits from list compilations go exclusively towards the management and operation of the Vanagon mailing list and vanagon mailing list web site.