Company and Website Protected by Confidentiality
The client engaged BlueBolt to assist when a file of unknown origin was discovered in the web server file directory at the root of the website.
What Happened / The Solution
BlueBolt performed an analysis of the site's file structure to determine the extent of the threat. BlueBolt provided cleaning services on the server to find any DLLs or other files that might be dangerous. Log files and traffic were analyzed for trends and strange behavior. Based on what was found on the server, it is believed that the website was in fact under attack and was compromised in the attempt. Log files also show evidence that the attacker came back looking for back doors into the system.
How we did it / Next Steps
BlueBolt found a number of files that could serve as points of entry into the system and allow access to the web server. BlueBolt produced an official report on the exact findings and the actions taken for each situation. Based on the analysis, the BlueBolt team made a number of recommendations for mitigating security issues in the future. These recommendations included locking down the SMTP server,
The Technology / Security Areas
Application Security Assessment