Hacker on MLW-A

Today some our our viewers may have seen the rather rudimentary work of a visiting hacker to our website as the web-page itself showed that it was “hacked”.  We take hacking attempts on our website as well as our client’s websites very seriously and employ every security methodology possible to keep them out, however any time you open a “piece” of a website up for a user to interact with, it opens the door to the “house” so-to-speak; at this point a hacker has access to areas of the site in which may give them more permissions than usual.  We have identified this “hacker” and banned them.

Details on the Hack
The website has a feature where a user can upload file attachments. The hacker used a php exploit to upload that file to the web-root as the file “default.htm”  Being the folder is writable by Apache (by default) to allow these uploads in various areas of the site, the hacker could only write this “new file” and could not “over-write” or read existing files.

Was my data compromised?
No, the hacker was only able to exploit a php upload venerability that caused the server to write his file (htm only) in the web-root.  He could not read any secured files or other files that were not otherwise intended for public view.

Did the hacker delete your files or compromise any of your data?
No, again the hacker could only write a file that hadn’t already existed being the Unix file-system allows “READ-ONLY” permissions to be assigned to individual files (which is hard-coded).

Can this happen again or to my site?
To our site, yes, to our client’s sites, no.  We still allow upload of files via the public; however we have taken measures to ensure that an indexed paged (default page for the web-server) cannot be uploaded.  This cannot happen to clients as none of them have the upload ability outside of their control panels, which is locked down just for the client.

Leave a Reply

Your email address will not be published. Required fields are marked *