|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Raul Dias (chaos
swi.com.br)Date: Mon Jul 16 2001 - 17:44:06 CDT
>
>My company has had two websites defaced within the last week. Both times
>the defacement seems to take place withing frontpage. Here is the the
>actual defacement taking place:
>ascta014p151.onda.com.br - - [12/Jul/2001:02:54:05 -0500] "GET / HTTP/1.1" 200 1279 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
>
>If you look, the attacker is using requests for "rbteam1.jpg" to see
>whether he is successful. The machine in question is running solaris 8,
>the webserver is apache 1.3.14 w/ the FP 2000 server extensions installed.
>My question is, has anyone seen anything like this? Is this a frontpage
>exploit, or something else? If it's something else, I'd sure like to know
>what it is.
>
>Thanks
>--John Jetmore
You should try to contact Onda.
Onda is a ISP here in Brazil.
Unfortunally it is not too resposible for the action of its users
we have a few incidents with tham and Onda doesn't really care.
Anyways, here are they number:
(55) - 0800-437878 (toll free)
(55) - 41 - 322-7766
Good luck.
-Raul Dias
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]