> >My company has had two websites defaced within the last week. Both times >the defacement seems to take place withing frontpage. Here is the the >actual defacement taking place: >ascta014p151.onda.com.br - - [12/Jul/2001:02:54:05 -0500] "GET / HTTP/1.1" 200 1279 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)" > >If you look, the attacker is using requests for "rbteam1.jpg" to see >whether he is successful. The machine in question is running solaris 8, >the webserver is apache 1.3.14 w/ the FP 2000 server extensions installed. >My question is, has anyone seen anything like this? Is this a frontpage >exploit, or something else? If it's something else, I'd sure like to know >what it is. > >Thanks >--John Jetmore You should try to contact Onda. Onda is a ISP here in Brazil. Unfortunally it is not too resposible for the action of its users we have a few incidents with tham and Onda doesn't really care. Anyways, here are they number: (55) - 0800-437878 (toll free) (55) - 41 - 322-7766 Good luck. -Raul Dias ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 16:07:05 PDT