RE: hacked

From: Remko Lodder (remko_at_elvandar.org)
Date: 03/08/03

    To: "re re" <qt4x11@linuxmail.org>, <freebsd-questions@freebsd.org>
    Date: Sat, 8 Mar 2003 20:02:02 +0100
    
    

    You should make a copy of your current hard drive, and lock the other one in a
    safe or something, so that you can always make additional copies.
    This requires a same-sized hard disk in another working system.

    But that is probably not what you have.

    You should check your webserver logs/ftp logs for bogus entries.
    Note that firewalling does not prevent web defacements. Why? Well, port
    80/20/21 is allowed traffic, so people can get in.

    It might be possible that your ftp server got breached; what version did you
    run? What webserver did you run? With php? Is there even the slightest
    possibility that you had rwx settings on the tree where your webfiles are in,
    so that one could have written code to it, or even worse, changed your index file?

    I had it myself with a bogus Slashdot topic script that allowed remote users
    to write into my files; one of my includes was overwritten and I got a website
    your.com, instead of my three tabled layout ... oops, was the script and rwx
    permissions in the tree..

    Good luck !!

    --
    Kind regards,
    Remko Lodder
    Elvandar.org/DSINet.org
    www.mostly-harmless.nl Dutch community for helping newcomers on the
    hackerscene
    -----Original message-----
    From: owner-freebsd-questions@freebsd.org
    [mailto:owner-freebsd-questions@freebsd.org] On behalf of re re
    Sent: Monday, 8 March 2004 19:56
    To: freebsd-questions@freebsd.org
    Subject: hacked

    Hello,
    despite having ipfilter blocking all ports except 80 21 and 22, tripwire,
    and scoring 999999 in nmap, my website got defaced.
    The box is currently unplugged.  I wanted to know what is the best way to
    find out who did it and how they got in, and what to do from here.  Tripwire
    shows a lot of files changed, most of which could be attributed to cvsup'ing
    recently.  Any other security precautions to take, disaster recovery guides?
    I've already changed p/w's on my other boxes.
    Thanks
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
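
The permission and file-change checks suggested in the reply above, as an added example that is not part of the original thread. The function names and the document-root path in the usage comment are assumptions; run it against a read-only mount of the disk copy rather than the live system.

```shell
#!/bin/sh
# Added example: audit a web document root for entries that any local
# account (web server, FTP user, a vulnerable script) could overwrite,
# and for files changed after a known reference point.

# List files and directories under $1 that are world-writable.
# A world-writable directory lets anyone replace files in it, so
# directories are reported as well as regular files.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# List regular files under $1 modified more recently than file $2.
# $2 is a reference file whose mtime marks the last known-good state,
# for example one created with: touch -t YYYYMMDDhhmm /tmp/ref
newer_than() {
    find "$1" -type f -newer "$2" -print
}

# Run both checks and label the output.
# Usage (paths are assumptions): audit_docroot /mnt/copy/usr/local/www /tmp/ref
audit_docroot() {
    echo "== world-writable entries under $1"
    world_writable "$1"
    if [ -n "$2" ]; then
        echo "== files modified after $2"
        newer_than "$1" "$2"
    fi
}

# When called with arguments, behave as a small command-line tool.
if [ "$#" -ge 1 ]; then
    audit_docroot "$@"
fi
```

Entries from the first list that are also in the second are the first places to compare against backups and the web/FTP logs.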