-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Apr 20, 2009 at 9:47 AM, Neil <kngsp...@gmail.com> wrote:
> I've run into this sort of attack before, where they change the page to > load content from elsewhere; but I couldn't figure out how they managed > to write to the sites' pages. They were hosted on a commercial webhost, > and so if it was a compromised host (which seemed like the only > possibility to me), that didn't speak well for the hosting company. > > We were having issues with the company anyways, though; so I took down > the site, sanitized the pages (and removed a bunch of junk), and put the > site back up with another company. > > But if you figure out how they got write access to a static website, I'd > love to hear it. > Most likely SQL injection. At any given time, there are hundreds of thousands of "legitimate" websites out there that are unwittingly harboring malicious code. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFJ7KtQq1pz9mNUZTMRAssaAKDYN8gqpZFaYPBOofGTjdtIbCDcSQCglwP0 W1CxTsNRR8vhO28Tq1LDm7M= =TJbX -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
