[thelist] Hacked by kerem125

Brian Cummiskey brian at hondaswap.com
Fri Feb 2 09:30:33 CST 2007

Chris Dempsey wrote:
> Domain in question is www.inandaboutayrshire.com and it now redirects to
> http://killit.us/kerem.htm
Chris, the "shire" site is coming up 404 for me.  I'm assuming you shut 
off the site?

Odds are, the site had a hole in it that allowed an XSS (cross-site 
scripting) event to be added, or possibly even a SQL injection attack 
with something as simple as a <meta refresh /> tag inserted into the 
page. thus redirecting the site.

Working in e-commerce, I deal with these things daily, as sites that 
store CC numbers must meet PCI compliance..  There's always someone 
trying to grab credit card numbers, fortunately, we've yet to report a 
successful injection.

A great tool that can point out obvious holes is hackersafe.  It's not 
free though.


More information about the thelist mailing list