Hacking Site simple safety tips
16 March 2011, 11:26
Hacker activity never dies down. For example, according to just one hacker site, zone-h.org (see Onhold), hundreds of sites are hacked every day. Is yours simply not there yet?

You don't need to be a professional hacker to break into a site. This article is about the so-called "kulhatskers" (script kiddies) who use the fruits of other people's work, and about the simplest cases of break-ins. It is in no way a how-to on hacking a site. Its purpose is to show how easily a hack is carried out, and to recommend measures for protecting a site and actions to take after a break-in.
It also gives an example of a successful search for a hacker by Russian law enforcement bodies.

How is a site hacked?

The most common routes of entry to a site:
  • guessing simple passwords for admin/FTP access ("the domain name", 12345, admin, test, etc.); oddly enough, a large number of break-ins happen this way;
  • using a vulnerable script (CMS and modules).

Let's illustrate with Joomla + CKForms. So as not to lead anyone into temptation, I won't publish a link to the description: it is too easy to exploit, and hard to find on your own. The vulnerability in CKForms allows SQL injection or PHP file inclusion and, with simple manipulation, access to the admin area. It is exploited via a simple request typed into the browser's address bar.

It takes literally five minutes and requires no serious knowledge from the attacker. What happens next depends on the hacker's imagination: from an unpleasant defacement to destruction of the site and attempts to seize control of other sites and servers.

I have taken measures, but how can my site still be hacked?

How, on shared hosting, can a hacker gain access to other sites if their owners have taken all the known measures? After all, almost everywhere access to a site's files is separated by user accounts, and it would seem that this should protect a site from its neighbours.

Let's consider one case. The greatest threat comes from scripts that run inside an Apache module, such as mod_perl. In that case the script runs as the Apache user, which has access to the data of every user's site.
A hacker, as described above, gains access to one site. Then he uploads a console script such as cgi-telnet. And if the permissions on other users' configuration files are set to 644 (let alone 777!), the console can easily read the contents of files containing passwords. But! Only when the Perl script runs as the Apache user, i.e. under mod_perl (the situation with mod_php is similar). When scripts run, for example, under FastCGI, this method does not give access to the files. You can guard against this by setting permissions 600 on critically important files and by using FastCGI.
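The following script, added here as an illustration and not part of the original article, audits a site's document root for configuration files that are readable by anyone other than their owner (the 644/777 case above) and optionally sets them to 600. The set of file names is an assumption for this example (Joomla's configuration.php is the one relevant to the CKForms case; the others are common CMS names); adjust it to your own hosting.

```python
import os
import stat

# Configuration files whose contents usually include database passwords.
# The names are an assumption for this example, not a list from the article.
SENSITIVE_NAMES = {"configuration.php", "config.php", "wp-config.php",
                   "settings.php", ".htpasswd"}

# Permission bits that let the group or the world read a file.
GROUP_OR_WORLD_READ = stat.S_IRGRP | stat.S_IROTH


def is_exposed(mode: int) -> bool:
    """True if the permission bits allow group or world read (644, 664, 777 ...)."""
    return bool(stat.S_IMODE(mode) & GROUP_OR_WORLD_READ)


def exposed_entries(entries):
    """Filter (path, mode) pairs down to sensitive files readable beyond the owner.

    Kept separate from the filesystem walk so it can be checked on constructed data.
    """
    return [(path, oct(stat.S_IMODE(mode)))
            for path, mode in entries
            if os.path.basename(path) in SENSITIVE_NAMES and is_exposed(mode)]


def audit(root):
    """Walk a site's document root and report exposed configuration files."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry; nothing to report
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is meaningless; inspect the target separately
            entries.append((path, st.st_mode))
    return exposed_entries(entries)


def harden(findings):
    """Set mode 600 on each reported file: owner read/write, nobody else."""
    for path, _mode in findings:
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = audit(root)
    for path, mode in found:
        print(f"{mode} {path}")
    if "--fix" in sys.argv:
        harden(found)
```

Run it as `python audit_perms.py /home/user/public_html` to list findings, and add `--fix` to apply 600. Note that 600 only helps when the web server process is not the file's owner: under mod_perl or mod_php the script runs as the Apache user, so the real fix the article recommends is to also move to FastCGI (or suexec), where each site's scripts run as that site's own user.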

How can a hacker get access to managing the server itself?

Let's cite one common example for Linux-based systems. As before, the attacker first needs access to one site.
There are several NULL-pointer-dereference vulnerabilities in the kernel that affect dozens of Linux systems, such as the Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability. Exploits for them have also been published (careful, they work!).
Despite the fact that this problem has long been known, there are a lot of unpatched servers, including in Russia. The simplest protection is described, for example, here.
This does not guarantee 100% security, because, for example, when installing wine the mmap_min_addr parameter can be reset back to 0. It is strongly recommended to apply the patches, which can be obtained from the page mentioned above or from official sources.
The discussion was also held on Habr.
Responsibility for protecting against such exploits lies with the server administrator.
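As an added example (not from the article), here is a small check an administrator can run to confirm that the kernel refuses to map the zero page, which is the condition the NULL-pointer exploits above depend on. It compares the live value of vm.mmap_min_addr with whatever sysctl.conf persists, so the "wine reset it back to 0" case is caught rather than silently surviving a reboot. The threshold of 65536 is an assumption: it is the value most distributions ship; the article itself only requires that the value not be 0.

```python
import re

PROC_PATH = "/proc/sys/vm/mmap_min_addr"
# 65536 is the value most distributions ship (an assumption for this example);
# any value above 0 already blocks mapping the page at address 0.
RECOMMENDED_MIN = 65536
SYSCTL_RE = re.compile(r"^\s*vm\.mmap_min_addr\s*=\s*(\d+)\s*$")


def is_safe(value) -> bool:
    """True if the kernel refuses to map the page at address 0."""
    return int(str(value).strip()) > 0


def running_value(path=PROC_PATH):
    """Live value as the kernel currently enforces it."""
    with open(path) as f:
        return int(f.read().strip())


def persisted_value(sysctl_lines):
    """vm.mmap_min_addr as set by sysctl.conf lines, or None if absent.

    The last assignment wins, as with sysctl itself.
    """
    value = None
    for line in sysctl_lines:
        m = SYSCTL_RE.match(line)
        if m:
            value = int(m.group(1))
    return value


def assess(running, persisted):
    """Classify the host.

    "vulnerable": live value is 0, the precondition for the sock_sendpage-style exploits.
    "unpersisted": live value is fine but nothing keeps it so across reboots or
                   a package (wine is the article's example) resetting it.
    "weak": above 0 but below the assumed recommended minimum.
    """
    if not is_safe(running):
        return "vulnerable"
    if persisted is None or not is_safe(persisted):
        return "unpersisted"
    if running < RECOMMENDED_MIN:
        return "weak"
    return "ok"


if __name__ == "__main__":
    with open("/etc/sysctl.conf") as f:
        persisted = persisted_value(f.readlines())
    live = running_value()
    print(f"live={live} persisted={persisted} -> {assess(live, persisted)}")
```

A result other than "ok" is a reason to re-read the hardening page the article points to; the check is no substitute for the kernel patches, which fix the bug rather than just denying the exploit its zero page.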

The sequence of actions to deal with the consequences

"Curing" the site by restoring from a backup is not enough: having hacked the site once, they will come back to you. What should the site owner do?
  • Try to determine immediately which files were replaced; this can be index.php as well as template files, images, etc.;
  • Take screenshots of the consequences;
  • Be sure to notify the hosting provider and coordinate further actions with them;
  • Save the files from the site directory: the modification times of the files will later help you identify the malicious user;
  • Restore the site from a backup, or ask your hosting provider to do it;
  • Download the error and access logs of the site, or ask the hoster to provide them, preferably copying them to a separate directory that is not removed by log rotation;
  • Analysing the file modification times and comparing them with entries in the logs lets you determine the nature of the vulnerability used and the IP address of the attacker;
  • Update the script or (if possible) stop using the vulnerable modules;
  • Be sure to change all passwords.
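The correlation step above (file modification time versus log entries) is easy to do by hand for one file, but a short script makes it repeatable. The example below is added here and is not from the article; the log lines and the modification time are constructed, and the 30-minute-before / 1-minute-after window is an assumption you should widen if nothing shows up.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache common/combined access-log line: client IP, timestamp, request, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# Constructed sample log (not from the article): one client pokes a form
# component, opens the admin area and saves a template just before the
# defaced file's modification time; the other two are ordinary visitors.
SAMPLE_LOG = """\
192.0.2.55 - - [11/Feb/2010:22:00:00 +0300] "GET / HTTP/1.1" 200 6100
203.0.113.7 - - [12/Feb/2010:03:14:02 +0300] "GET /index.php?option=com_ckforms&view=ckforms&id=1 HTTP/1.1" 200 5120
203.0.113.7 - - [12/Feb/2010:03:14:20 +0300] "GET /administrator/index.php HTTP/1.1" 200 8821
203.0.113.7 - - [12/Feb/2010:03:15:41 +0300] "POST /administrator/index.php?option=com_templates&task=save HTTP/1.1" 303 0
198.51.100.23 - - [12/Feb/2010:03:40:00 +0300] "GET / HTTP/1.1" 200 6100
""".splitlines()

# Modification time of the replaced file (constructed), e.g. from `stat` on the saved copy.
DEFACED_MTIME = datetime.strptime("12/Feb/2010:03:15:42 +0300", "%d/%b/%Y:%H:%M:%S %z")


def parse_line(line):
    """One log line -> dict, or None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"),
            "time": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "request": m.group("req"),
            "status": int(m.group("status"))}


def requests_around(lines, mtime, before=timedelta(minutes=30), after=timedelta(minutes=1)):
    """Entries whose timestamp falls within [mtime - before, mtime + after]."""
    lo, hi = mtime - before, mtime + after
    out = []
    for line in lines:
        entry = parse_line(line)
        if entry and lo <= entry["time"] <= hi:
            out.append(entry)
    return out


def suspect_ips(lines, mtime, **window):
    """IPs active in the window, most requests first; ties broken by address."""
    counts = Counter(e["ip"] for e in requests_around(lines, mtime, **window))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def timeline(lines, mtime, ip, **window):
    """The requests one IP made in the window, for reading the attack path."""
    return [f'{e["time"]:%H:%M:%S} {e["status"]} {e["request"]}'
            for e in requests_around(lines, mtime, **window) if e["ip"] == ip]


if __name__ == "__main__":
    for ip, n in suspect_ips(SAMPLE_LOG, DEFACED_MTIME):
        print(f"{ip}: {n} requests")
        for row in timeline(SAMPLE_LOG, DEFACED_MTIME, ip):
            print("   ", row)
```

Two caveats a practitioner will want: an attacker can forge mtime with `touch`, so also record ctime (which `touch` cannot set) when you save the site directory; and the top IP is a lead, not proof, since the same window will contain legitimate visitors, which is why the per-IP timeline is printed rather than just the count.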


Crime and Punishment

Punishing a hacker, especially one who operates under the jurisdiction of another state and takes every measure not to be traced, is either difficult or practically impossible. But there are success stories.

Department K of city N opened a criminal case under Article 272 of the Criminal Code, "Unlawful access to legally protected computer information ...", against a Russian citizen on the application of a legal entity (the site owner). In February 2010 the production site of a Russian design studio (a self-written script) was hacked; the intruder got in through a vulnerability in the site's code. The purpose of the hack was to place advertising banners. The attacker sent the site owner a written apology asking for a pretrial settlement, but he still faces criminal charges and expulsion from his university. In the interests of the investigation, details were not disclosed.

If the damage is significant and the IP address is "local" (even a dynamic one belonging to an ISP) rather than a "Chinese proxy", you can take a statement and the available materials to the law enforcement agency at your place of residence, specifically to Department K. The investigators themselves request the logs from the hoster with a formal letter explaining the situation, and ask the internet service provider to whom the IP address was allocated. Companies are obliged to provide this information at the request of law enforcement.
For the cracker, dealing with law enforcement will bring many unpleasant hours, especially if his computer holds traces of illegal activity, not to mention possible prosecution.

Summary

The security of your site is not only the task of the developer and the hoster, who is obliged to ensure the maximum security of the servers, but also of the site administrator.
Trivial tips for the site owner:
  • do not store access credentials anywhere;
  • use long, complex passwords and non-standard logins, and change them periodically;
  • update scripts promptly when updates are released;
  • when choosing a component, check whether it has unpatched disclosed vulnerabilities;
  • keep an eye on the permissions of script files and especially of critical configuration files;
  • use web-server means (e.g. .htaccess and .ftpaccess) to allow access only from your own IP address;
  • yes, keeping the script authors' copyright notices is necessary, but it is by them, as well as by the module fragments in the address bar, that attackers search for vulnerable sites; at least change the standard path by which a script is accessed;
  • periodically, including through external services, check the availability of specific sections of the site;
  • keep local backups of your sites.

Having weighed the chances of finding the attacker, you can and should apply to law enforcement authorities.

PS: The article does not claim to be absolutely thorough and is not aimed at IT gurus; of course, in a targeted attack on a particular server or site, other means may be used. I will be glad to add comments from the Habr community, including other examples.
Views: 751 | Added by: w1zard | Rating: 0.0/0