Just for your information. This is from my university's office of information technology so I am fairly sure that it is not a false alarm. However, I am unsure whether this should concern individuals who have created their own web pages at their university or those at your university that maintain the web servers.
You also can read about the challenge at: www.eweek.com/article2/0,3959,1175877,00.asp and at: www.theregister.co.uk/content/55/31552.html Mark Eakin [EMAIL PROTECTED] University of Texas at Arlington -----Original Message----- From: Sean Lanham [mailto:[EMAIL PROTECTED] Sent: Thursday, July 03, 2003 8:47 AM To: [EMAIL PROTECTED] Subject: Security Alert - Web Defacement Challenge Importance: High UTA's Office of Information Technology has been notified by multiple government and private technology experts that hackers are planning to attack thousands of Web sites this Sunday in a loosely coordinated "contest". The aim of this competition is for the winning team to deface 6,000 web sites in 6 hours. We have learned that some reconnaissance scanning, which seeks to identify vulnerable web sites, may have already begun. OIT will distribute additional details as they become available. Please take all appropriate actions to secure any publicly accessible Web server that your department maintains, such as: - Ensure default passwords are changed. This should include web servers and any other servers (e.g. database servers) that the web server has a trusted relationship with. - Remove sample applications (CGI scripts, Active Server Pages, etc.) that are not being used from production web servers. - Lock down Microsoft Front Page Extensions. By default Front Page Extensions are installed such that everyone can use them to author web pages even through proxy servers. Note that this also applies to Front Page Extensions installed on Unix platforms. - Turn web server logging on. Logs are essential to determining how a defacement was accomplished so a recurrence can be prevented. Preferably extended log format should be enabled. - Ensure you have a current backup of your web server. In the event of a defacement, a good backup is essential to timely remediation. - Apply the latest security patches for your web server and underlying operating system after appropriate testing. If you have any specific questions please feel free to contact the Helpdesk! Sean Lanham - Information Security Officer The University of Texas at Arlington Box 19318 701 S. Nedderman Drive, Room B66 Arlington, Texas 76019-0318 Phone: (817) 272-2271 - Pager: (817) 216-0120 - Fax: (817) 272-5796 Email: [EMAIL PROTECTED] - Web: <file://www.uta.edu> www.uta.edu To request technical support: Phone: (817) 272-2208 or Email: [EMAIL PROTECTED] To report a security incident or computing abuse: Email: [EMAIL PROTECTED] To report a SPAM: Email: [EMAIL PROTECTED] This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify your email administrator. If you are not the named addressee you should not distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is prohibited. . . ================================================================= Instructions for joining and leaving this list, remarks about the problem of INAPPROPRIATE MESSAGES, and archives are available at: . http://jse.stat.ncsu.edu/ . =================================================================
