Web-Site Security Failures
What's Happening Out There?
By Jay Heiser
The last 12 months have seen some dramatic Web-server security failures. While it should come as no surprise that high-visibility organizations like Microsoft and the Central Intelligence Agency attract digital vandalism, many relatively humble Web sites have also been targeted. It's interesting to read about the sophisticated, high-tech attacks, but most attacks are really pretty boring -- unless your site happens to get hacked.
Mission-Critical ftp and Web Server
About a month ago, I received a call from a small software vendor that uses an Internet server to provide its product data on the Web. The company sells and updates its software with ftp. Someone had broken into the server, installed a chat server, and was using it to host a virtual party. The company tried to delete the IRC server and what seemed to be the hacker's access point, but he was able to get back in and retaliate by modifying the company's ftp server and Web-server configuration so that the servers would not restart. I was called in for advice.
After the second break-in, before calling my company, they had performed three important steps:
- They disconnected their server from the Internet.
- They made a complete backup of the server before experimenting with it again.
- They called the FBI.
The third step might seem extreme, but the software vendor was suspicious of foreign competition, and the FBI has been very diligent in tracking down digital intruders.