Author Archive

Journey towards the CISSP certification

18 June 2017 Leave a comment

I seem to have a preoccupation with information security, almost an addiction; I cannot get my mind off of it. For the last five years I have been wanting to find the time to dedicate myself to the CISSP certification; the question remains whether or not I will make time to do exactly that. I have been tinkering with the subject matter recently, and find that I have covered most of the domains already, but review and refocus are necessary.

Hacked and Defaced

28 October 2010 4 comments

In mid-October 2010, I discovered that my practice websites had been hacked and defaced! The same day, a relative of mine told me he was coming to town and could visit briefly if I had time. I needed to recover from the defacement, but I also needed to get my house and spare bedroom ready to receive guests. Luckily, those impacted websites were not high-traffic money generators with hundreds of clients relying on them; they were for me only, so there should not have been too much pressure on me, except for that visit from a family member. What did I do?

The forensic investigation continues, but the noticeable payloads were twofold: default pages were replaced, and FTP accounts were created. The attack vector, from my initial assessment, was out-of-date Joomla pages. Visiting any of my domains revealed a dark background image with what looked like the grim reaper, and a message that said “Hacked by Bogel.” The effect was achieved by replacing the default.html and/or index.php files with a special “hacked” version. Other payloads included the creation of several FTP accounts.

My immediate action was to lock out the villains, so I put a password on all publicly facing domains using htaccess files and then deleted all extraneous FTP accounts.

The exercise has also made me think about my tactics and methods going forward. For instance, I had had a casual approach to my sites, lacking the usual documentation that I would have maintained as a professional system administrator, and I suffer now for that lack of discipline. For example, I have no organized record of what files exist where, so determining the overall repercussions is a challenge. Thinking about it now, I’ll need to review what common practices exist on site monitoring and formulate a monitoring strategy of my own. Perhaps I can run a Perl batch job from cron that continuously checks the MD5 signatures of my sites’ critical files and also reports on when user accounts (including admin) are used. But again, I need to review best practices on this matter before investing too much time in a monitoring strategy.
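As an added example (not code from the original post), here is a Python sketch of the cron-driven file-integrity check described above. It uses SHA-256 instead of MD5, since MD5 collisions are practical today, and assumes the baseline file is kept outside the web root with restrictive permissions; the paths and function names are my own.

```python
"""File-integrity monitor sketch: build a hash baseline, then report drift."""
import hashlib
import json
from pathlib import Path


def hash_file(path, algorithm="sha256", chunk=65536):
    """Return the hex digest of one file, read in chunks so large files are fine."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, algorithm="sha256"):
    """Map every regular file under root (as a relative path) to its digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hash_file(p, algorithm)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline, current):
    """Return the files added, removed or changed since the baseline was taken."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "changed": sorted(f for f in old & new if baseline[f] != current[f]),
    }


def save_baseline(root, baseline_file, algorithm="sha256"):
    """Run once after a known-good deploy; store the result outside the web root."""
    with open(baseline_file, "w") as fh:
        json.dump(build_baseline(root, algorithm), fh, indent=2)


def check_site(root, baseline_file, algorithm="sha256"):
    """Cron entry point: load the stored baseline, hash the tree, return the diff.
    A replaced index.php shows up under "changed"; a dropped-in default.html
    under "added". The baseline must not be writable by the web server user,
    or an intruder could simply rewrite it to match their changes."""
    with open(baseline_file) as fh:
        baseline = json.load(fh)
    return compare(baseline, build_baseline(root, algorithm))
```

A cron line such as `*/15 * * * * /usr/bin/python3 fim.py` would call `check_site` and mail any non-empty result.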

So for now, http://www.techgoat.com is locked down, as are all my subdomains, and only when I implement additional security measures will they be open again without an access credential.
