There seems to be a lot of sites that got hit in the past week or so. There was a fairly "big" hole in PHP discovered in the past week or so that might have been the cause for someof them. I know of two PHP based sites that were hacked recently but I'm not sure as to the specific cause. The owner of one says he wasn't staying on top of the security updates. Lesson learned - but too bad it had to be learned like that.
posted by Fat Elvis at 6:49 AM on March 5, 2002

3 Sites I work on were hacked this past weekend. Nothing too damaging, came in on Port 80 and changed the default home page to some goofy slogan.

("Ola, you've been hacked!")

None of these sites use PHP. In fact, they are all Win2k boxes. Anyone know why the sudden frequency?
posted by glenwood at 8:01 AM on March 5, 2002

You mean "crackers". Hackers are curious, technically proficient persons. Crackers are malicious and do damage. Please don't pollute the word any further.

I'm more paranoid than most; I came to my current job from computer security consulting. Still, I wonder at places that don't have at least one person assigned to subscribe to BugTraq so they know when holes (like the one in PHP) show up. I know, I know; they're too busy and don't have the time. And how much time did it take to clean up the mess?

As to Win2K - well, if you use IIS you're asking for it. Even insurance companies know this.
posted by hadashi at 8:48 AM on March 5, 2002

I had the same problem with my bravenet counter. I have moved over to sitemeter now....it has no ads, but u do get used to an interface, however bad it might be.
posted by justlooking at 9:26 AM on March 5, 2002

Hadashi,

Thank you very much for the highly expected Win2K remark. I didn't mention my platform in the interest of derailing the thread, I mentioned it because I wanted to discuss why/how/who we've seen an upswing in "cracking" in the last week.
posted by glenwood at 10:12 AM on March 5, 2002

And by the way, the link you sent regarding insurance premiums reflected nothing more than a knee-jerk response to the code red worm.
posted by glenwood at 10:13 AM on March 5, 2002

I wonder if this is linked to the recent increase in spam? I have the feeling the same kind of scum that defaces websites also feels the need to deface my inbox.
posted by Ptrin at 11:49 AM on March 5, 2002

glenwood: Hit a nerve, did I?

Sorry if pointing out that your platform is badly written and full of holes upsets you. Perhaps you can't do your work on any other platform - I do see this often - but you shouldn't be so touchy about it.

It's very simple; if you are using Win2K/IIS you are asking for it. And continued use of that platform makes certain the Microsoft will not bother fixing the critical problems that exist.

If you are stuck with that platform then you have my sympathies - I do realize that you want to get work done, not (necessarily) be a web server guru. I actually try to be somewhat tool agnostic. Use the tools that work best for you - I'll use the ones that are best for me.

I hope that Microsoft's "commitment to security" bears fruit but I wouldn't count on it. Computer security is not marketing-driven, no matter how much they want it to be.

However, on a positive note, I will say that Microsoft's reaction time for producing patches seems to be improving. It's not nearly good enough, but it is getting better.

As to your second comment; "A knee jerk reaction"? Do you have any idea how much trouble this worm caused? That the principle architectural problems that allowed it to exist still haven't been fixed? I think you're underestimating the size of the threat if you call that a "knee-jerk response". If the insurance company is required to insure something then the one that is least reliable will cost more.
posted by hadashi at 12:08 PM on March 5, 2002