Quote:
|
Originally Posted by hardcampa
Quote:
|
Originally Posted by shegeek72
Quote:
|
Originally Posted by Jager
Damn it, can't these people find something else to amuse them ? I'm curious, how does someone actually "Hack" a site ?
|
By getting the password to the ftp files, or finding a back door: http://www.faqts.com/knowledge_base/...html/aid/11815 |
Lol that link was funny and completely pointless.
When someone hacks a computer in 99.999% of the cases they simply look for exploits, bad ASP or PHP code running on the web server for example, most often I would say the reason to why they succeeded is that the admin missed/didn't bother with a new patch for whatever is running on the server.
Any program that is running on a server must be kept track of and updated when there's an update.
99.9% of all web defaces etc are made by script kiddies. These guys don't know how to code or anything, they simply run bots and programs (that other have done) on computers that already been owned by some other script etc, the scripts then look for vulnerabilities at whatever sites they stumble upon. Once found they can install and deface a webpage with whatever info they want.
Admins really should follow lists like bugtraq etc to learn about new exploits, this is just common sense if you're a security aware admin.
A final note, these guys seldom, "target" a specific site. Their bot searching for vulnerabilities just happened to stumble upon a site that had a vulnerability. |
Exactly.
One additional point. "...just happened to stumble upon a site" is perhaps downsizing what goes on. The bots actually harvest a large list of hosts with vunerabilities, which the kiddies can pick and choose from. Many (if not most) machines are insufficiently patched.