[Moderator: I am passing this along more with the generic warning of, make sure you stay abreast of security concerns! Odds are, every site is running at least one buggy/vulnerable program or service. Stay up to date on releases and known vulnerabilities. There is NO reason to get compromised when the information is made public!]

Forwarded From: Erik Parker <netmaskat_private>
Originally From: Christian Antkow <xianat_private>
Originally To: BUGTRAQat_private
Subject: Website Pro v2.0 (NT) Configuration Issues

As some of you might be aware, our website (www.idsoftware.com) was hacked this morning using the "out-of-the-box" features of Website Pro 2.0. The perpetrator used /cgi-dos/args.bat as well as /cgi-win/uploader.exe to upload new files and overwrite our index.html file with a "Free Kevin" webpage (identical to the opening page of www.2600.com).

Any admins out there running Website Pro for NT might want to double check your security settings, and possibly remove these demo files if you don't have an explicit need for them to exist.

Cheers,
-Xian

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
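An added example, not part of the original post: a log check an admin could run to see whether the two demo CGI paths named in the message have been requested. It assumes access logs in Common Log Format (the post does not say what Website Pro writes), and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Demo CGI paths named in the advisory above.
DEMO_PATHS = ("/cgi-dos/args.bat", "/cgi-win/uploader.exe")

# Assumption: Common Log Format. Adjust to the server's real log layout.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) ')

def normalize(url):
    """Drop the query string, percent-decode, unify slashes, and lowercase
    (NT file names are case-insensitive, so /CGI-WIN/ reaches the same file)."""
    path = unquote(url.split("?", 1)[0]).replace("\\", "/").lower()
    return re.sub(r"/+", "/", path)

def find_demo_cgi_hits(lines):
    """Return {client_ip: [(timestamp, method, demo_path, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = normalize(m["url"])
        for demo in DEMO_PATHS:
            # Also match extra path info appended after the script name.
            if path == demo or path.startswith(demo + "/"):
                hits[m["ip"]].append(
                    (m["ts"], m["method"], demo, int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:09:00:01 -0600] "GET /index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2000:09:02:11 -0600] "GET /cgi-dos/args.bat?x HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Jan/2000:09:03:40 -0600] "POST /CGI-WIN/Uploader.exe HTTP/1.0" 200 128',
    '203.0.113.5 - - [01/Jan/2000:09:05:00 -0600] "GET /cgi-win/%75ploader.exe HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for ip, events in find_demo_cgi_hits(SAMPLE_LOG).items():
        for ts, method, path, status in events:
            # A 2xx answer means the demo program is still installed and ran.
            note = "SERVED" if 200 <= status < 300 else "not served"
            print(f"{ip} [{ts}] {method} {path} -> {status} ({note})")
```

A 2xx status on either path means the demo program is still present and answering; a 404 is what a cleaned-up server returns.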
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:19:14 PDT