Turkish hackers did it again

[shopperx]

It looks like the turkish hackers decided to put in practice one of the known asp vulnerabilities early this month.

And again, the attack was directed to godaddy hosted websites.

More info:

http://blogs.zdnet.com/Ou/?p=237
http://blogs.zdnet.com/Ou/?p=239

According to the experts, no passwords were compromised, they can only replace the index.html with their own.

The ssfm hack is not something we can really defend against. It is a vulnerability in the Microsoft IIS webserving system. As Microsoft uses closed source software, we are dependant on them for a fix to this issue. They have not, as of yet, issued a patch for this vulnerability. Rest assured that your passwords have not been compromised. The attacker does not need these to insert his file into the account as it is done through a hole in the IIS system (and this is the only directory that they would have access to).

I wonder where is all the turkish traffic at the domains with traffic section coming from...

 

[James]

all i have to say is holly crap! he hit 38,000 sites in one hit

 

[maximum]

This is not a Windows-server or ASP only issue. It happens on both of the most common server formats, Windows & Unix, and any type system can be manipulated for this to occur (I have yet to see an OS built by design to be able to stop it). There are many threads on NP boards where folks mention this happening to them. I even posted one basic (I'm no guru) solution for those running PHP, here (Sorry, I don't do ASP . - convertion by a dual-language coder would be appreciated :tu: ). While you didn't mention it occurring to you (only the article...something all webmsters should read, IMHO), you may care to make sure it doesn't happen to you.