Gawkwire: Web Hosting and Internet News Resource

The Whir Temporarily falls to Hackers
================================================================================
GW_Staff on 30 June, 2008 03:35:00

When will it end? Even secure and notable websites such as thewhir.com can be vulnerable to hackers nowadays. As of 3:30 PM Central Time, clicking any link at the popular web resource site gets you a quick redirect to www.jukez.com, and lots of headaches for visitors.

Evan Kamlet of www.Host4Yourself.com says it is possibly an SQL injection and that cleaning up this problem is limited to only a few options.

Kamlet says: "It is most likely an insecure script and if luck is on your side, no root access was gained. First, disable the web service and any database servers and do some forensics. It is important to first plug the hole. Search logs for strange SQL following a GET request: index.php?page=1;UNION%20INSERT.. etc. UNION, INSERT, DELETE SQL commands generally should not be showing up in your GET requests. Then, restore from a backup or do a mass find and replace within your database only once you are SURE you found the entrance point. Obviously, there can be other causes of these defacements such as shell commands being executed in a similar manner in order to rewrite scripts, create SQL injections, or to invoke code injections into the scripts themselves."

Sharon Koifman, VP Marketing for Applicure, comments: "It's related to the fact that hosting companies don't really protect individual applications and individual shared hosting clients. The only way to prevent something like this from happening is to change the standard of the entire industry security on the application level."
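The log search Kamlet describes can be scripted; the following is an added example, not code from the article or from anyone quoted in it. It assumes Apache-style common/combined access log lines, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Start of a common/combined log line: client, timestamp, method, target, status.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

# The SQL commands the article names, matched as whole words after decoding.
SQL_WORDS = re.compile(r'\b(UNION|INSERT|DELETE)\b', re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Undo repeated URL encoding (%2555 -> %55 -> U), with a bounded loop."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_get_requests(lines):
    """Return (client, time, status, decoded_query, keywords) per flagged GET."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or m.group(3) != "GET":
            continue
        client, when, _method, target, status = m.groups()
        query = decode_fully(urlsplit(target).query)
        words = sorted({w.upper() for w in SQL_WORDS.findall(query)})
        if words:
            hits.append((client, when, int(status), query, words))
    return hits


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jun/2008:15:02:11 -0500] "GET /index.php?page=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Jun/2008:15:04:40 -0500] "GET /index.php?page=1;UNION%20INSERT HTTP/1.1" 200 733',
    '192.0.2.44 - - [30/Jun/2008:15:05:02 -0500] "GET /search.php?q=class+reunion+photos HTTP/1.1" 200 2048',
    '198.51.100.7 - - [30/Jun/2008:15:06:13 -0500] "GET /index.php?page=2%2520delete%2520x HTTP/1.1" 500 312',
    '192.0.2.10 - - [30/Jun/2008:15:07:30 -0500] "POST /login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in suspicious_get_requests(SAMPLE_LOG):
        print(hit)
```

A keyword hit is a lead for the forensics step, not proof of the entry point, and access logs do not record POST bodies, so a clean result here does not rule out injection through a form.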