Re: Protecting your site against defacement

by "Andrew Angelopoulos" <angelopoulos(at)csi.com>

 Date:  Sun, 22 Jul 2001 23:58:20 -0400
 To:  <hwg-basics(at)hwg.org>
 References:  localhost
  todo: View Thread, Original
FTP is one way I've heard of. I'm no expert but we have had our web
site/servers defaced twice at work(once by a hacker--Ramen Noodles guy
(Linux) and by the Chinese, judging by what was put up, during the Spy plane
issue (Win NT)).

We traced both back to security holes in either the server (Windows/MS-based
programs/platforms being big offenders IMHO) or platform. In an older
version of linux, there was a way into the file system and root access
through FTP. In Windows NT/IIS there was a way were you could relative URL
your way into the file system and get write access. I'm sure there was more
to both, but that was the gist.

Best way to protect yourself? Good question. Check your web-site daily,
apply patches, read and follow lists dedicated to your server/platform esp
security issues. Web sites are public, hence always exposed. After the
Chinese thing we cut off our servers from the rest of the network. It's a
little more grief, but what else can you do?

Security is always a balance between access and convenience.

Andrew

----- Original Message -----
From: "John Aitchison" <jaitchis(at)hwy.com.au>
To: <hwg-basics(at)hwg.org>
Sent: Sunday, July 22, 2001 10:24 PM
Subject: Protecting your site against defacement


>
>
> Hi all
>
> There has been a lot of publicity recently about people defacing websites.
>
> I don't understand how this is done .. surely they have to be able to get
> (or guess through repeated attempts) your username and password
> in order to be able to FTP in to your site?
>
> What sort of reasonable precautions can be taken to guard against
> a web site defacement?
>
> thanks in advance for any insights
>
> John Aitchison

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA