What you should know about web defacement?
Website defacement is an attack on a website that changes the visual appearance of the original site. It is typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists.
However, today's web defacements are more than just graffiti or hacktivism: attackers use them as a starting point for more serious computer security problems such as botnets, phishing, spam, malware hosting and so on. Vulnerabilities in your web application are exploited as a means to own a number of compromised hosts, which are then used for malicious internet activities, most of them aimed at illegal profit.
Therefore, generic responses to web defacement, such as restoring the web application from backup without identifying the root cause of the defacement, or simply not bothering at all, are highly NOT recommended. Most defacements today are caused by poorly coded web applications, where attackers manage to exploit vulnerabilities in popular web applications or plug-ins, such as in the Joomla CMS. In some cases, web defacements are caused by typical human factors such as a weak password enforcement policy and neglect of system updates/patches. Restoring backups does not solve the actual problem, because the vulnerability remains and the probability that the compromise will recur is high.
To a certain extent, you will never know that your web application was compromised, as no defacement appears on any page.
What you should do about the defacement?
The most common and immediate response to a defaced website is to bring the website offline temporarily to contain the incident and prevent further damage. The offline period can be used to troubleshoot, analyze and rectify the problems. However, whether you can do that depends on your upper management's decision and your organizational policy. You should consult both before taking any action that affects the uptime of the compromised system.
The links below are generic guidelines on how to handle web defacement incidents in an organization. As these are general guidelines, most of the steps are relevant to most platforms. Your mileage may vary.
Web Defacement - Incident Handling Steps (Unix/Linux/BSD)
Web Defacement - Incident Handling Steps (Windows)
What is up next?
Websites are more than just a means of doing business, portraying the image of an organization and keeping information flowing freely on the internet. Websites must be maintained and taken care of according to standard security practices. Otherwise, a site may end up as a botnet zombie or as a claim to fame for yet another infamous cracker or script kiddie on the internet. Periodic maintenance is crucial to ensure web server security remains intact, reduce downtime and avoid the hassle of a system compromise.
Source : ww.mycert.org.my