> -----Original Message-----
> From: morchella [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 30, 2008 9:07 AM
> To: CF-Community
> Subject: Re: ringtones . com hack? wtf
>
> ok found this in index.htm
> replaced script with (cript)
>
> how the hell could they over write a htm file?
With access. ;^)

Considering that this is an admittedly "old" domain/server you might first review how recently you've changed your passwords/access credentials. Even in large companies (perhaps even especially in large companies) passwords often become stagnant. With even mild turnover you may quickly have a substantial community of people with access.

If you're as bad as most (including me) then you probably share passwords, rarely change them and reuse them for multiple services. That makes life easier but makes you much less secure. This event is a good hammer to drive that nail through management approval.

There are plenty of security holes that have allowed uncredentialled access but there aren't any that I know of that are currently active. Most of the holes out there do not let you copy a file - instead they open up a minor hole that can be used to open a slightly wider hole and so forth until the box is owned.

Although there is a (minor) chance that you are the victim of a whole new security issue, most likely you're not: is the server fully patched? Not just the OS, but also the WebServer, application server, database, and any other applications on it?

Explore the logs for unusual behavior (especially around the modification date for that file). Look for large numbers of failed access attempts (which could indicate a dictionary attack on your password) or large numbers of failed TCP connection attempts on your firewall (which could indicate a port-scan). Most firewalls/servers track this kind of information but they are almost never configured to actually let anybody KNOW about them.

There's a lot more to deal with but the core advice is to consider this a warning: do a top-to-bottom security review sooner than later. Don't just run Windows update (or whatever) and think you're set: review processes, personnel, access escalation/need, physical, hardware, software and network security.

If you leave a crack, eventually a cockroach will find it.
Jim Davis

Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:265003
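
The log review suggested in the reply above, sketched as an added example that is not part of the original message: it counts failed logins per source in a window around the defaced file's modification time and flags any source whose run of failures ended in a success or a write to that file. The log format, event names, addresses, path and timestamps are all constructed assumptions, and the log is assumed to be in chronological order.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not taken from the thread. Assumed line format:
# <ISO timestamp> <source IP> <service> <event> <detail>
SAMPLE_LOG = """\
2008-07-28T09:15:00 192.0.2.10 ftp LOGIN_OK user=webadmin
2008-07-29T22:10:01 198.51.100.7 ftp LOGIN_FAIL user=admin
2008-07-29T22:10:02 198.51.100.7 ftp LOGIN_FAIL user=webadmin
2008-07-29T22:10:03 198.51.100.7 ftp LOGIN_FAIL user=webadmin
2008-07-29T22:10:04 198.51.100.7 ftp LOGIN_FAIL user=webadmin
2008-07-29T22:10:05 198.51.100.7 ftp LOGIN_FAIL user=webadmin
2008-07-29T22:10:06 198.51.100.7 ftp LOGIN_OK user=webadmin
2008-07-29T22:10:09 198.51.100.7 ftp WRITE /wwwroot/index.htm
2008-07-29T23:40:00 203.0.113.5 ftp LOGIN_FAIL user=webadmin
"""

def triage(log_text, file_path, file_mtime, window_hours=12, fail_threshold=5):
    """Summarise, per source, activity in the window around the file's mtime."""
    lo = file_mtime - timedelta(hours=window_hours)
    hi = file_mtime + timedelta(hours=window_hours)
    stats = defaultdict(
        lambda: {"fails": 0, "ok_after_fails": False, "wrote_file": False})
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, _service, event, detail = line.split(maxsplit=4)
        if not lo <= datetime.fromisoformat(ts) <= hi:
            continue  # outside the window of interest
        s = stats[src]
        if event == "LOGIN_FAIL":
            s["fails"] += 1
        elif event == "LOGIN_OK" and s["fails"] >= fail_threshold:
            s["ok_after_fails"] = True  # guessing run that ended in a success
        elif event == "WRITE" and detail == file_path:
            s["wrote_file"] = True
    # Report only sources that crossed the threshold or touched the file.
    return {src: s for src, s in stats.items()
            if s["fails"] >= fail_threshold or s["wrote_file"]}

if __name__ == "__main__":
    mtime = datetime(2008, 7, 29, 22, 10, 9)  # constructed modification time
    for src, s in triage(SAMPLE_LOG, "/wwwroot/index.htm", mtime).items():
        print(src, s)
```

A source reported with both `ok_after_fails` and `wrote_file` set points at guessed or reused credentials rather than a software flaw, which is the first possibility the reply raises.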
