From: Al on 29 Apr 2010 18:20 On 4/29/2010 1:35 PM, Gary . wrote: > On 4/29/10, Al wrote: >> Ross had a good suggest about planted links to external malicious sites. One >> of >> the sites I worked on a couple of years ago had this happen. They ask me to >> look >> into it. >> >> There were about 90 htaccess files that redirected the user to a malicious >> site >> whenever there was an error, 404 etc. >> >> About 400 html files had a javascript appended on the end that sent the >> visitor's IP and the file's complete URL to a website in Russia. >> >> About 300 php files had some php code that generated html code had likewise >> sent >> the visitor's IP and the file's complete URL to a website in Russia. > [snip remainder of horror story] > > How do people get their sites into this state? Is it just me, or > wouldn't a regular comparison of MD5s of the site contents with SCM > contents stop most of that kind of thing (after the event, but still, > better that than continue in that state). You are correct in theory; but, in practice maybe somewhat limited for CMS which have DB contents and raw text files changed almost hourly. When I departed the site I was working on a couple of years ago, I left a strong recommendation that someone run my FileSniffer program weekly and check out any suspect changes. They didn't and now have the above situation.
First
|
Prev
|
Pages: 1 2 Prev: Security/Development Question Next: In need of CVS/SVN checkout script for Production servers |