Mumbai Security and Compliance User Group


Website Defacement Prevention (Part-II) 

Dec 27, 2011 02:03 PM

 

In this second part I am going to install the SCSP agent on the same web server. Then I will create some policies to prevent website defacement and to secure my web server while it is unpatched and has a lot of vulnerabilities.
 
1) I installed the SCSP agent and restarted my server. Now, through my SCSP Server, I will create policies to secure my web server.
 
2) Log in to the SCSP Server; under the Prevention tab I create a new policy named Webserver.
 
 
3) Now double-click on the policy. Expand Global Options > Expand Resource Lists > Expand Read Only Resource Lists > Expand Block Modification to these files > Click on List of files that should not be modified > Click Add and, in Resource Path, put the path of the web server's wwwroot directory, i.e. c:\Inetpub\wwwroot\*, click OK and then click Apply.
 
 
4) Now click on My Custom Programs and click on New. Enter any Display Name (www in my case), select the category > this program is interactive, enter any name as the identifier and click on Finish.
 
 
5) Under My Custom Programs it will show your program. Expand it and select Settings, then check Specify Interactive Programs With Custom Privileges and expand it > Select List of Custom Interactive Programs and click on Add. In Program Path put the path of your website editor (notepad in my case) and the username of the user to whom you want to give permission to change the content of your website, then click OK and apply it.
 
 
6) Expand Resource List > Expand Writable Resource Lists > Check and expand Allow modification to these files > Click on List of files that can be modified > Click Add and put the path of the web server's wwwroot directory, i.e. c:\Inetpub\wwwroot\*, in Resource List > Click OK and apply it.
 
 
7) Now right-click on the Webserver policy and click on Apply. Select our agent name, webserver, and apply this policy.
 
 
8) The SCSP prevention policy is now enabled on our web server.
 
9) Now I again try to deface the website with the same techniques.
 
10) Let's try to connect to the web server through FTP and deface the website. I enter the host IP address and select the anonymous option.
 
 
11) I successfully logged in to the web server. Now I try to change the content of the index page. After making changes, when I try to save the index page I get an error, which means I am not able to change the content of the index page.
 
 
12) Now let's try through the shell I already uploaded to the web server.
 
13) Now I access my shell through the browser (http://192.168.42.78/upload/ninja.php).
 
 
14) I click on wwwroot, click on edit index.php and change the content of the index page. When I try to save it, nothing happens. I am not able to change the content of the index page.
 
 
This means we are able to prevent website defacement with Symantec Critical System Protection.
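The rule built in steps 3 to 6, as an added example (a simplified Python model, not SCSP's own policy engine and not code from the original post): writes under wwwroot are denied unless both the process and the user match the custom interactive program. The process paths, account names and the rule that unlisted paths are unrestricted are assumptions.

```python
import fnmatch
import ntpath
from dataclasses import dataclass

def norm(path):
    # Windows paths are case-insensitive; normpath also collapses "..\" segments.
    return ntpath.normpath(path).lower()

def matches(target, patterns):
    return any(fnmatch.fnmatchcase(norm(target), norm(p)) for p in patterns)

@dataclass(frozen=True)
class CustomProgram:
    program: str     # editor executable (step 5)
    user: str        # account allowed to edit the site (step 5)
    writable: tuple  # "Allow modification to these files" list (step 6)

@dataclass(frozen=True)
class Policy:
    read_only: tuple            # "Block modification to these files" list (step 3)
    custom_programs: tuple = ()

    def allows_write(self, process, user, target):
        if not matches(target, self.read_only):
            return True  # model assumption: unlisted paths are not restricted
        return any(norm(process) == norm(cp.program)
                   and user.lower() == cp.user.lower()
                   and matches(target, cp.writable)
                   for cp in self.custom_programs)

WWWROOT = r"c:\Inetpub\wwwroot\*"
NOTEPAD = r"c:\windows\system32\notepad.exe"
POLICY = Policy((WWWROOT,), (CustomProgram(NOTEPAD, r"WEBSRV\webadmin", (WWWROOT,)),))

# Constructed write attempts; process paths and account names are assumptions.
ATTEMPTS = [
    ("ftp", r"c:\windows\system32\inetsrv\inetinfo.exe", r"WEBSRV\IUSR_WEBSRV",
     r"c:\Inetpub\wwwroot\index.php"),
    ("webshell", r"c:\php\php-cgi.exe", r"NT AUTHORITY\NETWORK SERVICE",
     r"c:\Inetpub\wwwroot\upload\..\index.php"),
    ("editor-approved", NOTEPAD, r"websrv\webadmin", r"C:\INETPUB\wwwroot\index.php"),
    ("editor-other-user", NOTEPAD, r"WEBSRV\guest", r"c:\Inetpub\wwwroot\index.php"),
]

def evaluate(policy=POLICY, attempts=ATTEMPTS):
    return {label: policy.allows_write(p, u, t) for label, p, u, t in attempts}

if __name__ == "__main__":
    for label, allowed in evaluate().items():
        print(f"{label:18} {'ALLOW' if allowed else 'DENY'}")
```

The model covers writes only: as step 13 shows, a shell that is already under wwwroot is still served, so it has to be found and removed separately.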


Comments

Apr 29, 2015 10:37 PM

Hi,

 

Nice article you wrote here. I have one question, though. Is it normal that if we scan (using nmap perhaps) a host with SCSP installed, the scan results vary? Let's say a host with SCSP installed has been scanned with nmap and the result shows 3 TCP ports open. The next time (let's say a minute later), the result shows 10 TCP ports open. Is that OK? Thank you.
