You wake up one morning to find your website changed and possibility even linking to some 3rd party website hosting malware. Not good at all.
You immediately jump into action, assessing the situation - How did they get in? What exploit was used? XSS? SQL Injection? Did they really change the server or is it some form of ARP Poisoning? Did they have access to sensitive data? Was anything copied or taken from the server?...the list goes and goes.
But then what? You remove the defaced page and restore the original right? Well...not everyone.
Just a couple of days ago, a friend of mine woke up to see one of his sites defaced by an Algerian Defacement Group (otherwise known as ALgeRia HaCkeRz). He assessed the situation and believes that one of the admin accounts for the site had a weak password, that must have been the entry point. He strengthen the password, case closed.
So did he remove the defaced page?
Nah...he left it, he said it was 'kinda cool' - and I kinda agree.
http://www.vancelot.com/
(Why IE, you ask? So I could hear the kick ass music embedded. =)
--------------------------
UPDATED (7/7/08) - The defacement has been removed. Other visitors to the site were freaking out..lol
No comments:
Post a Comment