919 - 926 - 9847

!@#@!#@! script kiddies

Well, I finally got hacked. This is a first for me, and proves that my Linux skills are just not quite as up there as my windows admin skills. And what was the vector? The lack of queryparams inside CFshopkart. The only upside is that there were no transactions inside the cart, and no sensitive data to steal. But the defacement did muck about with several system files. Bah.

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
Admin's Gravatar Not really sure what a lack of Linux admin skills has to do with the lack of cfqueryparam.
# Posted By Admin | 9/21/09 3:28 PM
Gary Gilbert's Gravatar I would say nothing, since the hack wasnt linux based but a hole in the cart.
# Posted By Gary Gilbert | 9/21/09 3:42 PM
Matthew Williams's Gravatar Mostly, I'm blaming my admin skills for not locking down apache better. The hole in the cart wasn't my fault, true, but the script kiddie shouldn't have been able to get as much widspread access as he/she did.
# Posted By Matthew Williams | 9/24/09 1:35 PM
Michael Groves's Gravatar sorry to hear dude... thanks for alerting me about
my site being hacked using same hole in cart.

thankfully, i've closed all those holes with
cfqueryparams. Our servers where already
hardened. They only got to the one page that
was not write protect on the site.
# Posted By Michael Groves | 9/26/09 2:46 AM