|
|
Two Big Hacks: IIS And WordPress
By Dan Morrill
Expert Author
Article Date: 2008-05-01
If you have been following the news lately, two big hacks, one in IIS and one in WordPress have been making the rounds, with hundreds of thousands of servers compromised. Someone needs to be hitting up their security department to do some due diligence.
While this is not all the security departments fault, with the two big hacks making the rounds this week, and the sheer numbers of servers compromised, like the United Nations, DHS, and Microsoft, someone needs to be wondering about the new tools that are out there, and where the reports are on the threat. It seems like (and in doing due diligence this seems to have caught everyone by surprise), where the security researchers were, and why there was almost no early warning on this one.
The news reads like a litany of pain as hundreds of thousands of high profile, and many more smaller sites dig out from under this weeks work. Most sites were taken out with a simple SQL injection, that injected an /iframe/ sequence into the actual content of the web site.
While everyone was running around looking for compromised code in the application, few were actually looking at the content of the web site.
I highly recommend that folks who want to know if they have been compromised run Xenu, this tool also looks at URL's embedded in content, so the bad malware linking code is easily found.
I also highly recommend that you use firefox and firebug to watch your page loads, you can also use Pharos or another proxy system if you want, firebug is easier in the longer run if you have a smaller site. Run Xenu through Pharos if you have a big site with hundreds of thousands of links. Tune Xenu down to 10 threads otherwise the default 100 threads will choke on most networks.
Xenu can be downloaded here. The Xenu interface is very simple to use and configure.
Panda Labs has a great digest of the issue concerning the IIS hack right here, with the Register and Security fix following up with some interesting comment and jeers at the UN and DHS.
From a security viewpoint, paranoia pays off this week, and folks should be going through all their web assets making sure that they are not delivering malware. Otherwise, Google bans really hurt, and when your web site gets hacked, it is generally going to make for a very long day.
Comments
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
|
|
