-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Apr 20, 2009 at 9:47 AM, Neil <kngspook@gmail.com> wrote:
I've run into this sort of attack before, where they change the page to load content from elsewhere; but I couldn't figure out how they managed to write to the sites' pages. They were hosted on a commercial webhost, and so if it was a compromised host (which seemed like the only possibility to me), that didn't speak well for the hosting company.
We were having issues with the company anyways, though; so I took down the site, sanitized the pages (and removed a bunch of junk), and put the site back up with another company.
But if you figure out how they got write access to a static website, I'd love to hear it.
Most likely SQL injection. At any given time, there are hundreds of thousands of "legitimate" websites out there that are unwittingly harboring malicious code. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFJ7KtQq1pz9mNUZTMRAssaAKDYN8gqpZFaYPBOofGTjdtIbCDcSQCglwP0 W1CxTsNRR8vhO28Tq1LDm7M= =TJbX -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/