I suggest, that you should scan for full open ports on your web site (all the port range), to see if that person have an open "shell" on your account.
Regardless of that, please look for known vulnerabilities from the versions of every server on the machine, and also if the server runs any dynamic web apps, you should see if they do not have any problems .. (404 and any other error messages can give you a clue for what they where looking for). Anyway, I recommend you to install (from a clean install rather then to update, because you do not know the whole things that the attackers did) a newer version, such as fc 6 ... or something better such as Debian ;) Ido On 4/8/07, Ori Idan <[EMAIL PROTECTED]> wrote:
A server I managed was hacked by a libian hacker. The only thing he did was changing the index.html of some web sites. The server is based on fedora core 2 running: httpd sendmail bind proftp (through xinetd) ssh Any ideas how he could have done it? What should I do to prevent such hackes in the future? -- Ori Idan
-- http://ik.homelinux.org/ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
