spewn
Programmer
- May 7, 2001
- 1,034
i had an attack on my server last night, and the perp was able to add text links to the bottom of various pages, in various folders. not all of them, but most.
the perp was also able to create a folder with the link destinations, etc.
i was told that it might be a vunerability in my scripting, and the way in might have been a buffer overun(?).
the crazy thing is, i have an index page that pulls the content for the page from a sub file, through the 'require' call. the perp was able to know that, and put his code in that sub file, too.
it seems that the code was put in right before the closing body tag, and on pages that had multiple end body tags due to if/else statements, it was only put in once.
i'm trying to figure out if it was a scripting issue, or what. i know you may require more info, but i really don't know where to start.
thanks for any help that can be offered.
- g
the perp was also able to create a folder with the link destinations, etc.
i was told that it might be a vunerability in my scripting, and the way in might have been a buffer overun(?).
the crazy thing is, i have an index page that pulls the content for the page from a sub file, through the 'require' call. the perp was able to know that, and put his code in that sub file, too.
it seems that the code was put in right before the closing body tag, and on pages that had multiple end body tags due to if/else statements, it was only put in once.
i'm trying to figure out if it was a scripting issue, or what. i know you may require more info, but i really don't know where to start.
thanks for any help that can be offered.
- g
![[noevil]](/data/assets/smilies/noevil.gif "[noevil] [noevil]")
![[wiggle]](/data/assets/smilies/wiggle.gif "[wiggle] [wiggle]")