We observed over 500 attempts to deface our PHPShell web site, most of which attempted to use the Chinese characters for "summon" to overwrite the index file. The following defacement attack can be found in many on-line tutorials:


Similarly, one attacker tried to deface the main page by issuing this operating system command :

echo This is Site Hacked [group name elided] > index.php;

This would have had the effect of replacing the default page on the website with just the text of the attacker's choosing. Obviously, defacement of a site can be a major public embarrassment which can lead to longer term financial losses, as well as the immediate problem of having the website unavailable to its users.