We have a web portal that is going to be running under a subdomain (e.g. sub.domain.com). If the DNS A record of the parent domain (e.g. domain.com) was changed in error to point at the server IP address, as well as the subdomain A record, would you normally expect the entire contents of the server to be publicly available? This actually happened to us, and I'm trying to determine whether the developers could/should have had some sort of security (an htaccess file?) to prevent the data being made available in this way and whether they were negligent.
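For reference, this is the kind of web server configuration that would have contained the exposure described in the question: a catch-all default virtual host that refuses every request whose Host header is not the portal's own name, plus directory indexing turned off for the portal itself. This is an added example, not configuration from the original poster or their developers; it assumes Apache 2.4 syntax and the hypothetical paths /var/www/empty and /srv/portal/public.

```apache
# Catch-all default vhost. Apache serves the FIRST vhost on a port when the
# Host header matches no ServerName/ServerAlias, so a stray A record for the
# apex (domain.com) pointing at this IP lands here, not in the application tree.
<VirtualHost *:80>
    ServerName default.invalid
    DocumentRoot /var/www/empty          # hypothetical empty directory
    <Directory /var/www/empty>
        Options None
        AllowOverride None
        Require all denied               # every request here gets 403
    </Directory>
    # Separate log so requests for unexpected hostnames are easy to spot
    CustomLog ${APACHE_LOG_DIR}/default-catchall.log combined
</VirtualHost>

# The real portal: only this hostname reaches the application files
<VirtualHost *:80>
    ServerName sub.domain.com
    DocumentRoot /srv/portal/public      # hypothetical; only public files live here
    <Directory /srv/portal/public>
        Options -Indexes +FollowSymLinks # no auto-generated directory listings
        AllowOverride None
        Require all granted
    </Directory>
    # Source, config and VCS metadata should sit outside DocumentRoot; as a
    # second layer, refuse dotfiles and common source/config/backup extensions.
    <FilesMatch "^\.|\.(inc|bak|sql|ini|log)$">
        Require all denied
    </FilesMatch>
</VirtualHost>
```

To verify the catch-all works regardless of what DNS says, send a request with the wrong hostname directly to the server, e.g. `curl -sI -H 'Host: domain.com' http://SERVER_IP/`, and confirm it returns 403 while the same request with `Host: sub.domain.com` returns the portal.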
03-31-2011, 10:46 AM
Let me put it this way. Whoever gave an insecure system a public IP effectively invited attacks on an insecure system. Whoever made the DNS mistake is also an idiot, by inviting MORE attacks on the insecure system. Despite the idiot or idiots that invited all these attacks on an insecure system, the system WAS insecure in and of itself. If it was known to be insecure before the aforementioned idiots did their work, they are at fault. If the system was thought to be secure, they still may be idiots, but they're not really at fault, unless it's at all related to their jobs to ensure that systems they publicize are secure.
But, before you go chewing ass, make sure you know HOW the system was infiltrated. It's easy to blame a web app developer. But, unless you've got log entries or clear evidence that the system was broken into via the application, all you've got is an insecure system and no ideas. It could just as easily be a weak system user password as it could be a missing .htaccess file. Or, it could just as easily be an Apache or firewall misconfiguration.
There's a lot that can go wrong. Don't flippantly start biting heads off until you've performed a full analysis -- ensured that the basics are in place: strong passwords, sound firewall rules, correctly installed/configured/running Apache and DBMS, etc.
Also ... don't double post.
03-31-2011, 10:59 AM
Thanks for your reply. The problem was noticed quickly, and no damage has been done that we know of. It's just that somebody noticed insecure content displaying on the home page of the domain when they googled it (all the code, all the files; the application itself isn't the problem, it's all the files that run the application). The system was thought to be secure, and the developers don't think they have any responsibility and say that it is 100% the fault of the person that made the DNS error. I have a hard time comprehending that; in my mind 2 very stupid mistakes were made, but I certainly won't be chewing ass just yet!