Show Posts
1
Developer's Corner / Black box testing an OSS PHP CMS
« on: July 07, 2010, 10:05 AM »
This question is geared more towards the e107 CMS, but it really applies to all CMS solutions.
I recently developed a website for my wife for her photography.
A few days ago it was hacked by a botnet intrusion. I luckily caught it within hours.
http://php-security....erability/index.html
I pulled it down and nuked the install, and began the post-mortem of the logs. As I looked through all the logs I could see the site continuously being hammered by bots trying to find vulnerabilities. I was actually fortunate that the scripting was so focused on the specific task of turning the site into another botnet node to spread to other machines and send out spam that is did very little damage to any content.
It was a sobering lesson in web security and what it is like out there in the wild. I highly recommend making sure you compress and save your website access logs and from time to time just skim through them looking at web activity, you can find other cool stuff like where people are coming from to download stuff from your site. I actually found some software reviews for some of my freeware I didn't know existed and found some people deep linking to images on my site that were simply pieces of the site navigation..
I guess for all the time I have been a user of the internet and web technologies I'm pretty naive..
So the next question is what to do with this information.
I know there are some simple steps I can take to lock down what php can do and change some of the CMS file names so the bots can't find them, because they seem to be using profiles to search for known exploits.
But beyond that I think I need to both increase my knowledge so I don't code up anything that lets the baddies in, but I can't know everything an OSS CMS is doing and while an automated solution can't catch everything it is a good place to start.
So I'm wondering if there is any OSS black box testing solution out there that people have used to at least test for the most obvious and common exploits?
I recently developed a website for my wife for her photography.
A few days ago it was hacked by a botnet intrusion. I luckily caught it within hours.
http://php-security....erability/index.html
I pulled it down and nuked the install, and began the post-mortem of the logs. As I looked through all the logs I could see the site continuously being hammered by bots trying to find vulnerabilities. I was actually fortunate that the scripting was so focused on the specific task of turning the site into another botnet node to spread to other machines and send out spam that is did very little damage to any content.
It was a sobering lesson in web security and what it is like out there in the wild. I highly recommend making sure you compress and save your website access logs and from time to time just skim through them looking at web activity, you can find other cool stuff like where people are coming from to download stuff from your site. I actually found some software reviews for some of my freeware I didn't know existed and found some people deep linking to images on my site that were simply pieces of the site navigation..
I guess for all the time I have been a user of the internet and web technologies I'm pretty naive..
So the next question is what to do with this information.
I know there are some simple steps I can take to lock down what php can do and change some of the CMS file names so the bots can't find them, because they seem to be using profiles to search for known exploits.
But beyond that I think I need to both increase my knowledge so I don't code up anything that lets the baddies in, but I can't know everything an OSS CMS is doing and while an automated solution can't catch everything it is a good place to start.
So I'm wondering if there is any OSS black box testing solution out there that people have used to at least test for the most obvious and common exploits?
