[Owasp_wasc_distributed_web_honeypots_project] Compromised Site Notification Process

Jim Manico jim.manico at owasp.org
Wed Apr 22 18:06:16 UTC 2015


 > Anyways – this scenario should be discussed.  I would think that we 
would want to figure out some type of official OWASP notification 
process to alert ABUSE contacts as these different sites if we find that 
their web servers have been compromised.

This is very tricky, but I'd like to err on the side of ethical 
disclosure and give websites warning before publishing in public.

Aloha,
Jim

On 4/16/15 4:14 AM, Ryan Barnett wrote:
> Referencing this blog post - http://www.volexity.com/blog/?p=118. We 
> actually found the exact same thing and were about to write about it 
> and they beat us to it :(  Anyways, I have posted a bit of info here - 
> https://github.com/SpiderLabs/owasp-distributed-web-honeypots/tree/master/ShellShock-Worm. 
> So, we have a site that has been *previously compromised* and is being 
> used as a malware repo as part of this attack - 
> http://www.nms-iq.com/.  The malware files are now gone, however we 
> don’t know if it was the attacker(s) that removed it or if the site 
> has been made aware.
>
> Anyways – this scenario should be discussed.  I would think that we 
> would want to figure out some type of official OWASP notification 
> process to alert ABUSE contacts as these different sites if we find 
> that their web servers have been compromised.
>
> Let me know what you all think and we can craft up some type of 
> process and email text to run by the OWASP Board.
>
> -Ryan
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_wasc_distributed_web_honeypots_project/attachments/20150422/c840eeb3/attachment.html>


More information about the Owasp_wasc_distributed_web_honeypots_project mailing list