Miadhu website attacked

Miadhu, one of Technova's recently launched websites, was attacked yesterday. The intruder gained access to the site via our custom-developed Content Management System (CMS) backend that handles the management operations of the site. Access to the CMS was gained by password guessing, a task made unbelievably trivial because an account existed whose name and password were identical: "miadhu" for both. The attackers then attempted to delete existing content and to add data to the website; the deletion failed, but the additions succeeded. They left behind random messages in the articles they added, ranging from a simple "kekeke" to messages dissing Jabir and President Maumoon.

Miadhu notified us of the intrusion and we spent a good hour rummaging through the logs, mapping out the actions of the attacker and assessing the damage. Patching the door through which the attackers entered only involved changing account names and passwords in addition to advising the client to maintain secure password policies.

The website is now back up and running as it was...

Comments

  1. security says:

    Surely that's a problem with the CRM system as that'll be an invalid password!

  2. security says:

    Surely that's a problem with the CMS as that'll be an invalid password!

  3. Mustaine says:

    i think most organisations in maldives do not have password policies... and since changes in staff happen all the time (and passwords remain unchanged), things like this will happen....

  4. witcher says:

    hahahahahah.
    anyway.. jaa, don't you think it would make sense to disable the same string being used in both username and password fields?

    i thought it was quite the better practice in most web and local authorization systems?

  5. jaa says:

    true. the prevention of usage of same user/pass was a failure on our part really. we are now adding features to prevent usage of dictionary passwords and brute-forcing...
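The controls jaa says they are adding (rejecting a password that matches the username, rejecting dictionary passwords, and slowing down brute-force guessing), as an added Python example. This is illustrative code written for this page, not Technova's CMS code; the sample wordlist, the 10-character minimum, the five-failures-in-five-minutes lockout and the account names are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque

# Constructed sample wordlist standing in for a real dictionary file (assumption).
SAMPLE_DICTIONARY = {"password", "miadhu", "welcome", "letmein", "admin", "123456"}

MIN_LENGTH = 10          # assumed policy minimum
PBKDF2_ROUNDS = 100_000  # assumed work factor for stored password hashes


def password_violations(username, password, dictionary=SAMPLE_DICTIONARY):
    """Return the list of policy rules a proposed password breaks (empty = accepted)."""
    problems = []
    u, p = username.lower(), password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if p == u:
        problems.append("equals_username")   # the exact failure described in the post
    elif u and u in p:
        problems.append("contains_username")
    # Strip trailing digits/"!" so "password1" or "miadhu!" still count as dictionary words.
    if p in dictionary or p.rstrip("0123456789!") in dictionary:
        problems.append("dictionary_word")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 so a leaked database does not give plaintext passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


class LoginThrottle:
    """Per-account sliding-window lockout: after MAX_FAILURES failed attempts within
    WINDOW seconds, further attempts are rejected until old failures age out."""
    MAX_FAILURES = 5
    WINDOW = 300.0

    def __init__(self):
        self._failures = defaultdict(deque)   # username -> timestamps of failures

    def _prune(self, username, now):
        q = self._failures[username]
        while q and now - q[0] > self.WINDOW:
            q.popleft()

    def is_locked(self, username, now):
        self._prune(username, now)
        return len(self._failures[username]) >= self.MAX_FAILURES

    def record_failure(self, username, now):
        self._prune(username, now)
        self._failures[username].append(now)

    def reset(self, username):
        self._failures[username].clear()


def attempt_login(accounts, throttle, username, password, now):
    """Return 'locked', 'ok' or 'denied'. An unknown username and a wrong password
    produce the same response, so a guesser cannot enumerate valid account names."""
    if throttle.is_locked(username, now):
        return "locked"
    record = accounts.get(username)
    if record is not None and verify_password(password, *record):
        throttle.reset(username)
        return "ok"
    throttle.record_failure(username, now)
    return "denied"


def demo():
    """Five wrong guesses lock the account; the right password is refused while locked
    and accepted once the window has passed. Times are simulated seconds."""
    accounts = {"editor": hash_password("correct horse battery")}
    throttle = LoginThrottle()
    results = [attempt_login(accounts, throttle, "editor", "miadhu", t) for t in range(5)]
    results.append(attempt_login(accounts, throttle, "editor", "correct horse battery", 5))
    results.append(attempt_login(accounts, throttle, "editor", "correct horse battery", 400))
    return results


if __name__ == "__main__":
    print(password_violations("miadhu", "miadhu"))
    print(demo())
```

The policy check runs when a password is set or changed, so a "miadhu"/"miadhu" account can never be created; the throttle runs on every login and turns a guessing session into a handful of attempts per window. Lockout state should live in shared storage rather than process memory if the CMS runs on more than one server.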

