12-02-2006, 11:18 PM
| | Re: Hidden spam links injected into web pages
Todd H. wrote:
> Web page defacements aren't all that new, but perhaps this is a novel
> use for them.
> What active scripting are you using on your site (e.g. php?, what
> scripts?) ? That's a more likely injection vector than a cracked ftp
Actually, since regular FTP passwords are all sent in cleartext, it
doesn't have to be cracked, it can be sniffed out. FTP is quite a likely
injjection vector because of that.
A decent webhosting company keeps logs of FTP connections though, so
they should be able to track at the very least connections made to the
web space from IPs different than normal, and that way track the
defacers/crackers and report them to the authorities (it's a crime in
many countries punishable by law). If they don't log, demand they start
logging, or find another hosting company :P
Something you could do instead would be to ask for SFTP access instead
of FTP to update your pages. This way neither the login nor the data
uploaded can be sniffed out.