On Sun, 8 Apr 2007, Ori Idan wrote:
A server I managed was hacked by a libian hacker.
The only thing he did was changing the index.html of some web sites.
The server is based on fedora core 2
running:
httpd
sendmail
bind
proftp (through xinetd)
ssh
Any ideas how he could have done it?
The httpd log files should have some clues. Without knowing the
versions of software your running its hard to say if there are known
vulns with the software your running, let alone unpublished flaws. What
kind of web applications are running?
What should I do to prevent such hackes in the future?
There are lots of things you can do, like keep software up to date,
remove unneeded services, audit web applications for flaws (though I am
kind of partial to the last one ;)
--
- Josh
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
