
Common Defacement Methods


ghost's Avatar
0 0

Looking at zone-h.org's defacement mirror got me wondering a couple things.

  1. What are some of the common methods people use to deface a website? i.e. RFI (very rare, and slowly dying in my opinion), specific vulnerabilities in software being used, XSS, or coding errors etc.
  2. What does it take to do this to a website? i.e. It takes a full (or damn close) compromise of the entire webserver.
    What I mean by this question is it takes access to the cPanel or some other editing console to edit the actual page of a website, w/ the exception of XSS, right? So would that mean a defacement is proven to be a pretty dangerous level of access to the server?
  3. What makes a defacement so "cool"? It seems most people are pretty proud of their "h@x0ring". I'm not saying they are dumb people, but what makes this such a popular act?

EDIT: If anyone can add a link to a site that explains some of the things I'm asking about, or offer a detailed forensic analysis of a successful defacement of a website, such as http://www.zone-h.org/content/view/14458/31/ I would really enjoy that. Thanks.


ghost's Avatar
0 0

apescanfly223 wrote: Looking at zone-h.org's defacement mirror got me wondering a couple things.

  1. What are some of the common methods people use to deface a website? i.e. RFI (very rare, and slowly dying in my opinion), specific vulnerabilities in software being used, XSS, or coding errors etc.

  2. What does it take to do this to a website? i.e. It takes a full (or damn close) compromise of the entire webserver.
    What I mean by this question is it takes access to the cPanel or some other editing console to edit the actual page of a website, w/ the exception of XSS, right? So would that mean a defacement is proven to be a pretty dangerous level of access to the server?

  3. What makes a defacement so "cool"? It seems most people are pretty proud of their "h@x0ring". I'm not saying they are dumb people, but what makes this such a popular act?

  1. All of these

  2. You answered the question

  3. Matrix gifs/flash.


Mr_Cheese's Avatar
0 1
  1. what are some of the common methods people use to deface a website?

There are hundreds of ways to hack a website. Have you tried any challenges and learnt anything from them? Have you read any articles?

  2. What does it take to do this to a website? It depends on the website. Each website is different. Exploit a specific flaw in the website and depending on how it's built (CMS/admin login/database driven/etc) depends on how it can be hacked from then on.

So would that mean a defacement is proven to be a pretty dangerous level of access to the server?

No. It depends. Sometimes defacements are done via specific exploits in a website. If the server is pretty well locked down, if one account is affected it's rare a hacker can get further. Usually the dangerous hackers, and ones that have the highest level of skill, are the ones that don't deface. If you are defaced, it could mean they have file access, but thank your lucky stars they lack the ability to do anything more dangerous.

  3. what makes a defacement so "cool"? Nothing. In my eyes a defacement just shows a lack of skill. The big boys are the ones who sniff details, redirect services (SMTP etc), DNS inject, identity theft etc. Those defacements where the hacker puts their name on it… why don't they just phone up the FBI and give them their address? Much quicker and has pretty much the same effect.

Usually though defacements are done on shitty insecure low profile sites, due to lack of skill.

Of course if the defacement is done for political gain, that's a whole different story. Although even in this case, defacement is lame in comparison to what really could be done.


ghost's Avatar
0 0

ok cool thank you very much for the help :D