On Mon, Jan 28, 2008, Tom Rosenfeld wrote about "Re: Finding porn links in hacked web pages":
> Hi Geoff,
> Any of these comparison suggestions are fine, but they miss the point. If
> the site is hacked, the hacker can come back every day, or hour and
> reinstall his links. You can be sure he already has an automated process.
>
> You need to find the source of the break in and then plug it. After that a
> comparison script will be useful to alert you to new problems.

You're right that knowing that your site has been defaced is not a complete defense: It doesn't prevent your site from getting cracked in the first place, it doesn't prevent stealing your secret data. It also doesn't prevent the cracker from cracking your site again after you've (thought that you) fixed it.

But what it does is give you some level of protection against "fadichot" (the English word "embarrassments" isn't strong enough for that :-)) - it protects your site from sending to thousands of its users embarrassing texts like porn links or statements like "THIS SITE HAS BEEN HACKED", or worse - giving people who download software from you, trojaned software. It gives you the opportunity to recognize this situation as soon as possible, and at least yank off the site to prevent further embarrassments.

Of course, the trivial technique I suggested will only work for rarely edited static sites. In sites which are supposed to be heavily edited by many people, and dynamic sites, it is much harder for any automatic software to figure out which changes were "legitimate" and which were done by crackers.

-- 
Nadav Har'El                        | Monday, Jan 28 2008, 21 Shevat 5768
[EMAIL PROTECTED]                   |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |How long a minute depends on what side of
http://nadav.harel.org.il           |the bathroom door you're on.
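
A baseline comparison of the kind discussed in this thread, as an added example that is not part of the original message. The technique suggested earlier in the thread is not shown here, so the SHA-256 manifest approach, the function names and the sample site are all assumptions.

```python
# Added example: function names and the sample site are constructed for illustration.
import hashlib
import os
import tempfile


def snapshot(docroot):
    """Map each file's path (relative to docroot) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, docroot)] = digest
    return manifest


def compare(baseline, current):
    """Return the sorted paths that were modified, added or removed."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed sample: a two-page static site that is then tampered with."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        write("index.html", "<html><body>Welcome</body></html>\n")
        write("about.html", "<html><body>About us</body></html>\n")
        baseline = snapshot(root)  # taken while the site is known to be good
        # Simulated tampering: an injected link, an unexpected file, a deleted page.
        write("index.html", "<html><body>Welcome<a href='http://spam.example/'>x</a></body></html>\n")
        write("extra.php", "<?php /* unexpected file */ ?>\n")
        os.remove(os.path.join(root, "about.html"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"{kind.upper()}: {path}")
```

Keep the baseline somewhere the web server account cannot write, since whoever can rewrite the pages could otherwise rewrite the manifest too.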