[BNM] Site cracked

[Ali]

to find the exact crack look in the raw logs for things like remote file includes.

often with these types of crack it is due to a vulnerability in 3rd party scripts, I have seen sites using phpBB2 and aMember cracked quite frequently due to publicly posted vulnerabilities - so probably the best place to look is to these type of installations and then patch em up quick.

hth

ali

On 10/05/2006 14:48:47, Paul Silver (paul at tenpastmidnight.com) wrote:
> On Wed, 10 May 2006 14:38:08 +0100, "Dave Phelan" said:
> > On 5/10/06, Tom Coady wrote:
> > > and notice the content was just changed so it looks like the crackers
> > > have live access.
> >
> > The content
> hasn't changed. The error message is different.
> >
> > What are you actually trying to do here?
> > Why do you think the site has been cracked?
> 
> To take things out of sequence:
> 
> If you look at the site (www--alexmaas--co--uk) in a web browser,
> there's
> a large message saying his site has been 'ownz'ed by the BIOS
> Team, which I think is a bit of an indicator
> it's been cracked.
> 
> Side note: The different content could be different kiddies who are
> using the same exploit to get in.
> 
> 
> Guess: he's
> wants to stop it happening again.
> 
> 
> Tom: It might be helpful to know something about the hosting so you can
> get some quick advice. And: is there anything like a database that needs
> recovering, or are you just trying to lock the crackers out again?
> 
> Cheers
> 
> Paul
> --
> Paul Silver
> http://www.paulsilver.co.uk
> http://www.tenpastmidnight.com
> 
> 
> --
> 
> BNM