Sunday, December 5, 2010

And finally CBI got wacked.

Today morning  i woke up with the newspaper holiding and reading the entire quarter page. A dude from neighbouring country replaced the contents of CBI website.

Then i quickly opened my laptop and started searching for the real news, and also for the owner who claim this is done by them. I found this and believe as a reliable sourse for this news. and ofcourse i checked the list of 270 websites. here is the list i found.

And trust me i have tried this one. :) they did it perfectly like a 8th grade kid, doing fancy stuff in javascript. Cool animation stolen from some on else. and bunch of crapy codes which we use for decorating cheap websites.
here is the screen shot.

There is a matrix effect, in that page. its a cool math thingy and the real coder who did it and published in his blog Richard Womersley (http://www.mf2fm.co.uk/rv).

There is a cool math function using javascript that make the window go round and round.

By the way many people hates maths ;). And the most funny part is that they realy gotta a message for indian folks. So glad to see that too :). here it is.



OK. enough fun ! Lets get serious. Why this happened to all these 270 websites and including.?
Answer is quiet simple. They just got exploited through the web forms they used to submit data from the user. Example. The contact-us forms. Most of the noob coders and web designers depend upon the freely available ready made forms for this purpose and its damn sure there is a lot of loop holes to get these exploited. and many of these free codes and kept there free on websites for a 'purpose', I dont believe people in these days do a quite a lot of 'charity'. I am damn sure that most of these sites just got exploited through contact forms. 

There is another possibility to replace the contents in a website by bypassing the SQL queries. Coding is tricky and bit complicated. never happened in this attacks. Every single attack use the same single method parsing php code through the POST method. 

And you know, this attack has limits. but as deadly. fortunatly most the server settings comes with readonly attibute exept to the real onwer of the account. If this wasn't the case. the pointer files like index.htm, default.htm, index.php can be easly replace with the desires content. That means instead of posting HEX786.html, they could replace the index.htm or index.php files. :) cheers.

The similar story just happened fews days before. I dont believe this is done by any one of the so called indian cyber army or stuffs.. Some crack head broke into the some pakistani website and inserted a similar page called indian.html. Cheers to those noobs.  here is the 40 lists

This attacks can create panic wide over world. but the fact is that. its a scam nothing to fear. Ofcourse it an intrution. but not at all vital. There is a lot of method you can secure your website by just following some fool proof methods.

Here they are. :
1. learn pit falls of Php and >Net than learning how to do matix calculation using them.
2. Restrict user access, use classes, subclass and includes when ever possible. protect these function in a external folder with no acess.
3. create a stripslashes function and use it when ever there is a input function from user. Theory is that never ever trust user data. Buy one, if u dont know how to make one. :) yeah buy one.
4. Use htacces efficiently. 
5. make things complicated. or fake it like complicated. 


No comments:

You might like this.

Related Posts Plugin for WordPress, Blogger...

My Blog List