Summary

Seemingly trivial oversights led to the possibility of a major security breach. In most cases, defacement occurs because of attackers exploiting a known security vulnerability on Web servers and leaving their mark on the site. Sites such as http://alldas.org/ maintain an index of defaced sites and the mirrored contents of the defaced pages. Many times, defacement leads to discovery of a new security vulnerability. A particular attacker or group of attackers sometimes deface sites en-masse. In this chapter we discussed an instance of defacement that occurred in an unusual manner. Defacement was the goal of the activities that the attacker of Acme Travel, Inc.'s Web site carried out. The attacker could have as easily inserted a PHP or a CGI script to provide a back door to a Unix shell via a Web page. Doing so would have allowed the attacker to execute arbitrary commands on the server.