Filterset.G webpage hacked · 2008-12-15 10:02 by Wladimir Palant
Did I already mention that running a web server is dangerous? Well, it was only one part of the picture. Each server gets lots of automated requests trying to find vulnerabilities in the scripts that are installed (SQL injection vulnerabilities got particularly popular lately). But servers also get lots of requests on SSH and FTP ports trying to guess user names and passwords. So you better don’t use passwords that can be easily guessed using a dictionary attack. Even better, don’t use any passwords at all.
A recent victim of this attack is Filterset.G webpage (http://pierceive.com/~test/), apparently it uses a weak password for one of the FTP accounts. Two days ago, somebody used that account to upload a defacement web page and a PHP script that should give the attacker full control over the site. The only reason we don’t see that server sending spam or scanning for vulnerabilities in other servers — that FTP account wasn’t allowed to run PHP scripts, lucky us. If somebody can reach Graham Pierce somehow, please do (Filterset.G forum is abandoned and full of spam).
How do I know all this? Easy, the access statistics for pierceive.com are accessible to anybody who knows the address. That’s one more thing you better don’t do if you are running a web server.
Commenting is closed for this article.