Blog
Nov 8, 2009
Offsec Web Server Hacked
Offsec web server hacked, detected, and stopped
2 min read
For the past couple of weeks we have been watching escalating DOS attacks against our web server, specifically against the Metasploit Unleashed Wiki. Today as we were watching our apache logs, we noticed unusual requests. A quick analysis showed that our web server was compromised through a vulnerability in the wiki software we use for the free Metasploit course. The compromise occurred on Nov 6th,and went unnoticed for around 28 hours.
A php shell was uploaded to the wiki through an obscure vulnerability, and from there on, it got messy. The attack was mitigated early enough to prevent any critical damage to our systems, however getting hacked is never nice. No private or personal data was compromised.
Its at times like this I fondly remember the saying :
“Just because you are paranoid, it doesn’t mean they are not out to get you”
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
Enterprise Security
The Role of Leadership in Cultivating a Resilient Cybersecurity Team
Learn about the role that leadership plays in cultivating a resilient cybersecurity team.
Sep 13, 2024
5 min read
Community Spotlight
Navigating the Leap: My Journey from Software Engineering to Offensive Security
A software engineer’s journey into offensive security, sharing insights and tips for transitioning careers and thriving in the infosec field.
Sep 13, 2024
17 min read
OffSec News
Become a Certified Threat Hunter with OffSec’s New Foundational Threat Hunting Course (TH-200)
Everything you need to know about OffSec’s new course and certification – TH:200 – Foundational Threat Hunting.
Sep 9, 2024
4 min read