Great Circle Associates Firewalls
(January 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: WWW Gaffiti Immunity (Off Topic)
From: The Unseen <ian @ south-border . com>
Date: Wed, 01 Jan 1997 09:35:47 -0500
To: Brad Daugherty <bsd @ pobox . com>
Cc: Mark Johnson <mark @ hercules . reno . nv . us>, Dale Drew <ddrew @ mci . net>, Michael Idengren <midengre @ stetson . edu>, Christopher Klaus <cklaus @ iss . net>, firewalls @ GreatCircle . COM
In-reply-to: Your message of "Tue, 31 Dec 1996 14:57:19 PST." <3 . 0 . 32 . 19961231145712 . 00a49df8 @ lexicon . ins . com> 
In message <3 .
 0 .
 32 .
 19961231145712 .
 00a49df8 @
 lexicon .
 ins .
 com>, 
Brad Daugherty slapped a few random keys to produce:
>>> I don't see how CDROM provides significant advantages on a WEB
server
>>> "graffiti" attack.
>
>In order to avoid graffiti try something like this:
>
>1)Write a program that checks the size/date of the WWW directory
>	If it fails have it Kill the WWW server
>		and send email to the admin.
>2)Setup a CRON job to run the program every 15 min.
>
>If a hacker is good enough they will find it, but who would be looking
for suc
>h a random thing?
>
>Just make sure you change the size whenever you make a change to your
document
>s.

Or better yet, incorperate tripwire with MD5 file signatures into this
scheme instead of rolling your own.  Use perl to scan for perticular
files
that may have changed taking guestbooks "public" growable files into
account.

Some ideas,

Ian
Follow-Ups:
Indexed By Date Previous: Re: Air Force Web Site Hacked
From: Thomas Leitner <tom @ finwds01 . tu-graz . ac . at>
Next: Re: Air Force Web Site Hacked
From: Can Baysal <baysalc @ boun . edu . tr>
Indexed By Thread Previous: Re: Air Force Web Site Hacked
From: uskanbye @ ibmmail . com
Next: Re: WWW Gaffiti Immunity (Off Topic)
From: The Unseen <ian @ south-border . com>
Google
 
Search Internet Search www.greatcircle.com