contain sensitive info floating around in publicly-accessible folders.
• If a temp file gets requested, most servers will return the plaintext, skipping the PHP pre-processor.
• .php: Content-Type: text/html; charset=UTF-8
• .php~: Content-Type: text/plain
• etc...: Content-Type: text/plain
Quantcast).
• Found 230 config files visible in root of site.
• Thus, 230 / 216391 = 0.11% of all websites are vulnerable.
• Latest stats say that about 13.8% of the top 10,000 websites run CMSs. If we just focus on CMS-powered websites (and extrapolate), then the percentage of vulnerable sites is:
• Thus, 230 / (216391 * 0.138) = 0.77% of websites running a CMS are vulnerable.
believe that I have discovered a security issue with the ________.com website. If you'd like to know more, I can disclose the full details of the issue to an engineer or software developer on your website team so the issue can be fixed.
Respectfully,
Feross Aboukhadijeh
Stanford University, Computer Security Lab
Our organization has detected suspicious traffic originating from boxxy.stanford.edu (184.108.40.206) against the web site of one of our affiliated companies. The request URL for some of that traffic was to /wp-config.php~ The traffic occurred at 5 Oct 2011 11:48:26 GMT and 5 Oct 2011 12:22:50 GMT. We would appreciate it if you would investigate and resolve this matter.
Thank you,
******** *******
Senior IT Security Administrator
Prudential Global Data Services (PGDS-US)
about a machine registered to or administered by you. Unless you're aware of this, it indicates the machine has been broken into or otherwise compromised. When a system has been compromised at the system privilege level, rebuilding the system, applying current patches, and setting good passwords on all accounts is the recommended way to repair the machine.
I first alerted you to miscreant behavior coming out of boxxy on 10/6. Please let me know that you have either remedied the problem or disconnected the machine today. If we continue to get abuse complaints, I will have the machine disabled. I've copied your RCC in case you need help cleaning the machine.
Thanks,
online newspaper
• “Summ3r” for a summer camp program
• “FuckYou4231” for a horror movie site
• “c0d3b3tt3r” for a site about coding better
• “usernamehere” / “yourpasswordhere”
• “abc123456”
• “root” / “root” <-- probably disallow remote DB connections