[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] RAQ3 vulnerabilities
- Subject: Re: [cobalt-security] RAQ3 vulnerabilities
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 4 Dec 2001 22:41:00 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Parker,
> The only answer I can come up with is, "The sysadmin isn't paying
> attention," and other evidence seems to back that up. Is there something
> else I'm missing?
No, you're most likely right on the money with that one. Heck, as aware about
server security I am (some call it paranoid), it even happend to me once.
One of my less important websites (a personal one, not business related) was
running PHPnuke, which is a nightmare security wise. There are more holes in
it than in my grandfather's socks. Anyhow, someone hacked the admin are of
this nuke driven site and defaced the startpage. They didn't actually get
into the server, but to my embarassment the defacement was up for a few days
before I actually noticed.
If it had been a static website, them my IDS software would have detected it
as I run a checksum over each static website each night. For dynamically
generated pages that doesn't make much sense, though. ;o)
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6081-946240
Eppsteiner Weg 9 ___ D-61267 Neu-Anspach ___ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM