Last month I blogged about Trend Micro's website being compromised as well as thousands of others with an IFRAME injection to 2117966.net .
The ISC has followed up with an analysis of the tool used to compromise the sites. It uses an SQL injection attack to infect the server, but the interesting thing is that it uses Google to enumerate the vulnerable sites first, a technique called Google Hacking.
I guess there are a few things to note here - despite the ubiquitousness of SQL, it can still be tricky to set up and is best left to people who know what they are doing. Keep your patches up-to-date, and consider carefully if you want Google (or any other search engine) to be able to index your WHOLE site and adjust your robots.txt if necessary.
The ISC article also links to some good resources if you want to properly secure your database.
No comments:
Post a Comment