Shlomi Fish (![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small} shlomif) wrote in ![[info]](http://l-stat.livejournal.com/img/community.gif){kind=small} shlomif_hsite,@ 2007-01-17 22:06:00 |
|
| Current location: | Home |
| Current mood: |  tired |
| Current music: | D.C. Simpson - Impossible to Tell |
| Entry tags: | cracking, fish, html, intrusion, link, links, shlomi, spam, static |
www.shlomifish.org had been Link Spammed
Instead of the usual update on what's new on the site, this entry has some news to convey. As it turns out, many of the pages on http://www.shlomifish.org/ were spammed with link spam to medications' sites. This is especially troubling because the pages in question were static HTML pages, that were served unmodified by the server from hard disk directory. This indicates that the server was maliciously intruded and the files were modified. I encountered link spam before in wikis, weblogs and news sites, but this is the first time that I witnessed a static HTML site getting spammed, and by cracking it.
The files's timestamps indicate that most files were changed on the 1-December-2006 (probably by a script), but some files were modified as early as 23-December-2006, albeit in a slightly different way. The files were left spammed, because many resources on the site are not updated by the normal site update, and the links were kept hidden from visible eyes. It is still unclear how the intruder gained access to run the script on the server.
The site was restored to its unaffected state, and preventive measures were taken to mitigate the problem: passwords and keys were changed, and the site now has a unified build system to the site that uploads all the relevant resources from my home workstation to the server.
I also hope that next time this happens (if it does), my hosting and I have the appropriate measures in place to find out how it was done.
Now I can continue working on my home site and on my other projects.
Regards, Shlomi Fish.
