[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] RAQ3 vulnerabilities
- Subject: RE: [cobalt-security] RAQ3 vulnerabilities
- From: "Gary M. Root" <groot@xxxxxxxxxxxxxxx>
- Date: Tue, 4 Dec 2001 15:08:38 -0800
- Organization: Liquid Spark, LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
You might try using What's Up Gold to do HTML content scans on your
pages.
It really works great. You'll know within a few seconds if your home
page has
changed.
-Gary Root
Hi Parker,
> The only answer I can come up with is, "The sysadmin isn't paying
> attention," and other evidence seems to back that up. Is there
> something else I'm missing?
No, you're most likely right on the money with that one. Heck, as aware
about
server security I am (some call it paranoid), it even happend to me
once.
One of my less important websites (a personal one, not business related)
was
running PHPnuke, which is a nightmare security wise. There are more
holes in
it than in my grandfather's socks. Anyhow, someone hacked the admin are
of
this nuke driven site and defaced the startpage. They didn't actually
get
into the server, but to my embarassment the defacement was up for a few
days
before I actually noticed.
If it had been a static website, them my IDS software would have
detected it
as I run a checksum over each static website each night. For dynamically
generated pages that doesn't make much sense, though. ;o)
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6081-946240
Eppsteiner Weg 9 ___ D-61267 Neu-Anspach ___ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security