Weblog entry #331 for simonw
See all weblog entries made by simonw.
#331
One of those weeks
Posted by simonw on Fri 5 Jun 2009 at 18:25
Having dealt with JSRedir-R, some bunch of script kiddies found a bit of one of our webservers that shouldn't have been running PHP, but was. My fault no doubt.
Just cleaning up, but would be easier if they hadn't run a defacement script over many many gigabytes of stuff that only looks like web pages.
As far as I can tell they defaced 1 website, put 10 defacement files in the wrong place, and defaced thousands and thousands of directories that aren't visible to anyone but me (and my boss if he cared to look).
Annoyingly the one website defaced was one I'd changed to be owned by "www-data" having advised this may have adverse security implications. Guess it did - hohum.
On the upside did find one script kiddie toolkit stashed away, which had been uploaded for safe keeping to one of our web hosting accounts.
Now have to take lots of tedious precautions, for people who probably don't know a c-shell from a sea shell.
Just cleaning up, but would be easier if they hadn't run a defacement script over many many gigabytes of stuff that only looks like web pages.
As far as I can tell they defaced 1 website, put 10 defacement files in the wrong place, and defaced thousands and thousands of directories that aren't visible to anyone but me (and my boss if he cared to look).
Annoyingly the one website defaced was one I'd changed to be owned by "www-data" having advised this may have adverse security implications. Guess it did - hohum.
On the upside did find one script kiddie toolkit stashed away, which had been uploaded for safe keeping to one of our web hosting accounts.
Now have to take lots of tedious precautions, for people who probably don't know a c-shell from a sea shell.