lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CADEnHNmKdnKnUdT7M7J4hUPscgdA_d+X0qS=2ruHsLCEE7-++Q@mail.gmail.com>
Date: Mon, 5 Dec 2011 12:30:48 +0000
From: Chris M <chris@...lroute.net>
To: Lucio Crusca <lucio@...web.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: one of my servers has been compromized

You could ch-root your apache process/webserver going forward. This would
effectively stop the malicious process when/if your machine is compromised
via web based vulnerabilities to spread to entire machine.. meaning your
area of investigation is more isolated.

I'd expect if its automatically spread to your box the vuln would be some
sort of exec via PHP or similar -- do you have php/many client sites with
outdated software/forums/message boards/image uploaders/ anything like that
on there? .. or just badly coded bespoke dynamic/cgi scripts generally..

Ps. Did you take a copy of the bot code before you deleted it? :) would
like to see it.

On Mon, Dec 5, 2011 at 12:07 PM, Lucio Crusca <lucio@...web.org> wrote:

> Ferenc Kovacs wrote:
>
> > ps: "I neverbelieved it could happen to me until it actually happened:
> > they compromizedone of my servers." this is a really bad attitude.
>
> No, it's just common saying. I apply patches, change password regularly,
> move ssh to nonstandard ports, disable remote root access and do all the
> rest I've learnt about security in years of running linux servers, also if
> I
> couldn't believe they would hack my server. I only overlooked a piece of
> unknown-third-party php code. It's just experience that makes you stronger.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
 I’m a hot-wired, heat seeking, warm-hearted cool customer, voice activated
and bio-degradable. I interface with my database, my database is in
cyberspace, so I’m interactive, I’m hyperactive and from time to time I’m
radioactive.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ