ISP ups security after hacker attack


Johannesburg, 26 Jan 2006

Some 100 South African Web sites were defaced in an attack on 21 January by a Turkish-based hacker, but Internet service provider (ISP) Web Africa says it is now better prepared to deal with future threats.

The ISP confirmed the attack, after the hacker, "one7", posted a list of defaced sites on http://www.zone-h.org/, a hacker "brag site". This follows a similar attack in September, when hackers defaced about 750 domains hosted by Web Africa.

The latest attack, says Web Africa MD Mathew Tagg, was carried out using an aspx scripting vulnerability.

"Web Africa views security issues as top priority. We employ Shavlik patch management systems to ensure patches are distributed timeously across dozens of Windows servers we manage locally and abroad," says Tagg.

This also includes attacks such as the "script kiddie" defacements, he adds. Web Africa has solicited the services of a local and a US-based company to conduct additional third-party testing, after stricter permissions settings were introduced since last Sunday to prevent future occurrences.

Catch-22

"Every ISP suffers attacks from time to time, but there is definitely a trend to keep it under wraps as much as possible in SA. It represents a catch-22 situation for ISPs, where if one announces to the world 'our servers are impenetrable with the latest xyz gizmo technology' you are just inviting a slew of zero-day exploits on your doorsteps," Tagg notes.

These are attacks that exploit undisclosed vulnerabilities and are the hardest types to defend against, and the most damaging, as they can result in root control of servers, a situation every hosting company dreads, he adds.

"Fortunately, our current security procedures have thus far ensured we have not been 'rooted', though it would be naïve to think this could never happen.

"The flip side is that you want to instill confidence in your clients regarding the integrity of their data and sites. There also needs to be greater transparency regarding security concerns in SA. Security through obscurity is not real security as the saying goes," Tagg says.

He explains that, in response to the latest attack, which occurred through an ISP upload on a particular client's site, Web Africa has addressed the .NET permission issue, which will ensure that future attacks do not spread to other sites, but are limited to the targeted domain.

Good balance

But, Tagg points out, .NET permission settings are complex, and users who want additional functionality give up some degrees of security.

"So it's important to strike a good balance," he says.

Barry Cribb, MD of Internet security group IS Digital Networks, comments that the attack again highlights the vulnerabilities of many local Web sites, resulting from inadequate security testing.

"These attacks are fairly common and they exploit obvious vulnerabilities. It's important to get to grips with your site's security problems and get to the root cause of these," he says.

"Vulnerabilities allow hackers to show how clever they are and to attack these sites. Unfortunately, in many cases, such attacks are never declared and are simply covered up."
