919 - 926 - 9847

!@#@!#@! script kiddies

Posted At : September 21, 2009 2:40 PM | Posted By : Admin
Related Categories: Rants

Well, I finally got hacked. This is a first for me, and proves that my Linux skills are just not quite as up there as my windows admin skills. And what was the vector? The lack of queryparams inside CFshopkart. The only upside is that there were no transactions inside the cart, and no sensitive data to steal. But the defacement did muck about with several system files. Bah.

Comments (4) | del.icio.us | Digg It! | Linking Blogs | 3752 Views
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
[Add Comment] [Subscribe to Comments]
Admin's Gravatar Not really sure what a lack of Linux admin skills has to do with the lack of cfqueryparam.
# Posted By Admin | 9/21/09 3:28 PM
Gary Gilbert's Gravatar I would say nothing, since the hack wasnt linux based but a hole in the cart.
# Posted By Gary Gilbert | 9/21/09 3:42 PM
Matthew Williams's Gravatar Mostly, I'm blaming my admin skills for not locking down apache better. The hole in the cart wasn't my fault, true, but the script kiddie shouldn't have been able to get as much widspread access as he/she did.
# Posted By Matthew Williams | 9/24/09 1:35 PM
Michael Groves's Gravatar sorry to hear dude... thanks for alerting me about
my site being hacked using same hole in cart.

thankfully, i've closed all those holes with
cfqueryparams. Our servers where already
hardened. They only got to the one page that
was not write protect on the site.
# Posted By Michael Groves | 9/26/09 2:46 AM
[Add Comment]

Follow Us Add Us