INTRODUCTION
Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists.
Why Do They Deface?
Websites around the Web are being defaced on a large scale. They aren't being defaced to earn money or some personal profit. In most of the cases, Hacktivists around the Globe target random websites of particular group or country to show their protest against them. What they actually do is replace the Existing page on website with their own Page which often shows the Pseudoname Of the Hacker with a protesting / defacement reason.
Who Is a Defacer?
A defacer is someone who doesn't really care which site they attack; their main aim is simply to find and exploit a vulnerability on a server and then either replace the website content, or upload a file indicating that they were there. No one really knows why defacers do this, as there is no monetary gain. However, a look at some of the exploit archives indicates that different defacements groups are competing against each other. I would say that "real" hackers don't attack random sites, but rather use their knowledge to conduct targeted attacks.
How Is it done?
As I have mentioned, the defacers aren't selective in their targets; in most cases they just use automated tools to find vulnerable servers, and automatically exploit them. The exploit automatically uploads a backdoor to the compromised server which will provide, for example, shell access to the compromised server. The defacer can launch further attacks via the backdoor, such as trying to escalate privileges using local kernel exploits, or reporting the compromised server to a defacement archive. These backdoors are also sold on the black market, enabling buyers to, for example, turn a compromised server into a node in a DDoS network, or use it as spam relay host.
They have scanners that will find vulnerable servers to exploit and then will upload backdoors and some of the scanners also report the defacements to Sites like zone-h.org...
The tools defacers use to find new vulnerable servers mainly check for two types of vulnerabilities: Remote or Local File Include vulnerabilities. Here's a partial list of such free tools, all of which are publically available:
- LFI intruder
- VopCrew IJO Scanner v1.2
- Single LFI vulnerable scanner
- SCT SQL SCANNER
- Priv8 RFI SCANNER v3.0
- PITBULL RFI-LFI SCANNER
- Osirys SQL RFI LFI SCANNER
- FeeLCoMz RFI Scanner Bot v5.0 By FaTaLisTiCz_Fx
How To Prevent Defacement?
The reason behind defacement is not just weak security, but also the ignorance. Many Admins doesn't know the importance of keeping a system up to date and secured.Another major issue is that administrators automatically assume that Linux/Unix is more secure than Windows, and simply don't do any local hardening, or configuration.Proper configuration can more or less eliminate certain types of exploits. For instance, many of the exploits mentioned in this article are "File Include" type vulnerabilities, which enable an attacker to include any arbitrary file he wants; in some cases these files can be from external websites. Simply specifying which directory a specific web application or website is allowed to include files from will effectively protect against this type of exploitation.
For Educational Purpose Only | I don't support unethical activities :)
