You could do few things: 1. apt-get dist-upgrade (or yum upgrade), or better - move to a stable distribution like CentOS. That way you'll have security fixes for at least 5 years. DO NOT use Fedora on any server which offfer services outside. 2. Have some logs emailed to you from the server on a daily basis (crontab). By default, Redhat/CentOS/Fedora does this automatically, but you can enhance it to send pack few log files and email them to you as .tar.bz2 for example. That way you could check whats going on to see who entered when etc.. (logs like ssh, httpd, sendmail). Ususally when you compress text files, they become small, so the email wouldn't be really big. 3. Make sure your iptables/firewall settings will only let specific needs and nothing else comes in. nmap is your friend to check, along with stuff like SAINT etc. If you don't know firewall settings well, just ask here. I'm sure someone would happily assist you with it. 4. have a cron script that will backup your web server stuff nightly. If you don't have a tape backup or spare space for backup, then pack the essential parts and use the script to email it to you (GMail account can hold almost 3 gigs, so you can save the backup there) 5. You can use applications like TripWire to detect if something changed, or you can simply do a simple MD5 check for your static pages, and if something goes wrong, it could email/SMS/send-a-pigeon to notify you :)
Hope this helps, Hetz On 4/8/07, Ori Idan <[EMAIL PROTECTED]> wrote:
A server I managed was hacked by a libian hacker. The only thing he did was changing the index.html of some web sites. The server is based on fedora core 2 running: httpd sendmail bind proftp (through xinetd) ssh Any ideas how he could have done it? What should I do to prevent such hackes in the future? -- Ori Idan
-- Skepticism is the lazy person's default position. Visit my blog (hebrew) for things that (sometimes) matter: http://wp.dad-answers.com ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
