Site defaced - what next?
Greg Rundlett
greg at freephile.com
Fri Aug 6 13:18:00 EDT 2004
>If they are not local, the community which they live in is probably
>interested in knowing who they are and what they do as well.
>
>
>
Still no definate answers, mostly b/c I have not had time to do anything
but redirect the site. But the logs show a significant amount of
traffic from Saudi Arabia, and the site was defaced with arabic and a
picture of Osama Bin Laden. So it looks like a free software developer
is a victim of retaliatory strikes due to the war on terror.
>Did the server get rooted as well? or just defaced ? If its not rooted,
>then you may have some log file information that may be useful. (of
>course even if its there, it may not help, depends on the sophistication
>of the attacker.)
>
>
>
No answer from the ISP yet
>Also - would you consider putting up a honeypot? If they attacked once,
>they may try again and it would be much easier to find out who it is
>if a honeypot is active.
>
>
>
I don't think it is worth the trouble. They are untouchable, and I'll
be busy rebuilding the site.
--
FREePHILE
We are 'Open' for Business
Free and Open Source Software
http://www.freephile.com
(978) 270-2425
If you are smart enough to know that you're not smart enough to be an
Engineer, then you're in Business.
More information about the gnhlug-discuss
mailing list