Re: Hackers

by Paul Lochbihler <plochbihler(at)cinnabar.ca>

 Date:  Mon, 10 Jul 2000 18:26:41 -0400
 To:  "Sue Bailey" <sue(at)bartandsue.co.uk>,
<hwg-techniques(at)hwg.org>
 In-Reply-To:  barnum
  todo: View Thread, Original
Sorry for the news of the break-in Sue,

The fact that your site is hosted by an ISP, the actions you can demand may 
be limited your service level agreement with them.  What type of CGI 
scripts do you have on your site? Have these been reviewed for 
vulnerabilities which could lead to an exploit?  The permission setting in 
the web directory with respect to the access allowed by the public will 
determine who can do what to your web site.  Do you have any control over 
the security of the web server/operating system?  Depending if it is 
running on NT or a Unix flavour will determine the actions you could take 
at closing holes in the OS.

It is unfortunate that it is the client who has to pay for the haste of the 
ISP to cash in on the "Internet E-Rush".

Feel free to contact me in the list or directly (plochbihler(at)cinnabar.ca) 
if you want to get some leads as to good sources for securing your web site.

Good luck

HIH

Paul Lochbihler

At 05:52 PM 7/10/00 +0100, Sue Bailey wrote:
>Hi all.
>
>Got to work this morning to find that the public html directory of our
>website had been completely cleaned out overnight. The lovely neighbourhood
>hackers had saved me the task of getting rid of all the files we're not
>using any more. You can imagine my joy on a Monday morning.
>
>Our ISP's advice amounted to 'change your password', which we've obviously
>done - and back up back up and back up again, which I had also done - but is
>there anything else I can do to stop these ****s  having another go?
>
>Thanks for any advice,
>
>Sue

Paul Lochbihler
Network Security Analyst
Cinnabar Network Inc.
Ottawa, ON
Canada
ph. 613.262.2930
fax. 613.265.1442
plochbihler(at)cinnabar.ca
www.cinnabar.ca 

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA