RE: Protecting your site against defacement

by "Katherine Pollara" <kpollara(at)home.com>

 Date:  Mon, 23 Jul 2001 08:31:45 -0400
 To:  <hwg-basics(at)hwg.org>
 In-Reply-To:  mydamncomputer
Andrew,
Here's something I got today from Information Week that answers some of your
question about defacing of websites.
Kate Pollara

______________________________________________

** Internet Goes Red

The "Code Red" worm ripped through Internet servers like no other
previously unleashed piece of malicious code. "We are witnessing
Internet history," says Chris Rouland, director of Internet
Security Systems X-Force, which tracks Internet vulnerabilities.
Based on reports, Code Red has infected over 225,000 servers.

The worm enters the targeted server through port 80. If the host
is running Microsoft IIS, the worm executes a malformed HTTP
"get" request to try to run a buffer overflow against the
Microsoft IIS Indexing Service dynamic-link library. Once the
worm successfully exploits the target, it starts searching for
new servers to infect, and the compromised Web site is defaced.

Code Red's ultimate target was Whitehouse.gov. The worm was set to
attack the White House Web site July 20 by unleashing a torrent
of traffic at the site. According to Rouland, the White House
managed to avoid the attack by switching the site's IP address.
He says the author of Code Red made a critical design flaw by
hard-coding the White House's IP address. "That won't happen next
time," he warns.

When the ILoveYou virus struck last year, many copycats struck in
the following weeks. "I wouldn't be surprised to see many, many
copycats of this worm," he says. In fact, reports started
surfacing Friday afternoon on security mailing list Bugtraq that
several versions may already be loose.

An explanation of, and patch for, the IIS buffer overflow
vulnerability is available at
http://update.informationweek.com/cgi-bin4/flo?y=eD2T0BqH8D0V20QKW0AN





----- Original Message -----
From: "John Aitchison" <jaitchis(at)hwy.com.au>
To: <hwg-basics(at)hwg.org>
Sent: Sunday, July 22, 2001 10:24 PM
Subject: Protecting your site against defacement


>
>
> Hi all
>
> There has been a lot of publicity recently about people defacing websites.
>
> I don't understand how this is done .. surely they have to be able to get
> (or guess through repeated attempts) your username and password
> in order to be able to FTP in to your site?
>
> What sort of reasonable precautions can be taken to guard against
> a web site defacement?
>
> thanks in advance for any insights
>
> John Aitchison
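
An added example, not part of either message or the quoted article: a scan of a web server access log for the kind of request the article describes, a GET to an Indexing Service script mapping with an abnormally long query string. The `.ida`/`.idq` extensions, the 200-character threshold, the Common Log Format layout and the sample lines are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# IIS script mappings handled by the Indexing Service DLL
# (assumption of this example; the article does not name them).
INDEXING_EXTS = (".ida", ".idq")
MAX_QUERY_LEN = 200  # assumed threshold; ordinary index queries are short

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+')

def suspicious(line):
    """Return (source, path, query_length) for a probe-like request, else None."""
    m = CLF.match(line)
    if not m:
        return None  # malformed or non-CLF line
    src, method, target = m.groups()
    parts = urlsplit(target)
    if method.upper() != "GET":
        return None
    if not parts.path.lower().endswith(INDEXING_EXTS):
        return None
    if len(parts.query) <= MAX_QUERY_LEN:
        return None
    return src, parts.path, len(parts.query)

def scan(lines):
    """Count probe-like requests per source address."""
    hits = Counter()
    for line in lines:
        hit = suspicious(line)
        if hit:
            hits[hit[0]] += 1
    return hits

# Constructed sample log lines (documentation addresses, filler query string).
SAMPLE = [
    '192.0.2.10 - - [19/Jul/2001:14:02:11 -0400] "GET /index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [19/Jul/2001:14:02:13 -0400] "GET /default.ida?' + "A" * 240 + ' HTTP/1.0" 404 205',
    '203.0.113.5 - - [19/Jul/2001:14:02:20 -0400] "GET /search.idq?q=widgets HTTP/1.0" 200 812',
    '198.51.100.7 - - [19/Jul/2001:14:03:02 -0400] "GET /default.ida?' + "A" * 240 + ' HTTP/1.0" 404 205',
    'garbage line without the expected fields',
]

if __name__ == "__main__":
    for src, count in scan(SAMPLE).items():
        print(f"{src}: {count} oversized Indexing Service request(s)")
```

A hit in the log means the server was probed, not that it was compromised; whether the request succeeded depends on whether the patch mentioned in the article was applied.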

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA