On Sunday, 8 April 2007 00:33, Ori Idan wrote:
> A server I managed was hacked by a Libyan hacker.
> The only thing he did was changing the index.html of some web sites.
>
> The server is based on fedora core 2
> running:
> httpd
> sendmail
> bind
> proftp (through xinetd)
> ssh
>
> Any ideas how he could have done it?
Based on your description, and on Internet statistics, I'd say:

1. Flawed PHP based application or code (photo album, forum, etc)
2. Flawed flash application (chat server)
3. Buggy apache.

> What should I do to prevent such hacks in the future?

Run a supported release of OS. Be careful what webapps you run on your web server. Keep them up-to-date. Try running them (including the web server itself) in chroot. While this won't help if your app is broken, at least the attacker will be locked into a chrooted environment. Audit your server, run tripwire and look at the daily logs for binaries or files that were changed.

Read online and printed material about basic system administration and security practices. Based on your questions, you need an overall understanding of how to run a system in a secure manner.

--Ariel

--
Ariel Biener
*.il EFnet Admin
PGP: http://www.tau.ac.il/~ariel/pgp.html
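The advice above to audit the server and watch for changed files, sketched as an added example that is not part of the original message and is not tripwire's own code: it records a SHA-256 baseline of a web root and reports files added, removed or changed since. The function names, the `site1` directory and the file contents are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each file under root to (sha256 or symlink target, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel, mode = os.path.relpath(path, root), st.st_mode & 0o7777
            if stat.S_ISLNK(st.st_mode):
                state[rel] = ("link:" + os.readlink(path), mode)
            elif stat.S_ISREG(st.st_mode):  # skip FIFOs, sockets, devices
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                state[rel] = (digest.hexdigest(), mode)
    return state

def compare(baseline, current):
    """Report paths added, removed or changed relative to the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Constructed web root: take a baseline, alter two files, compare."""
    with tempfile.TemporaryDirectory() as root:
        site = os.path.join(root, "site1")
        os.makedirs(site)
        for name, body in (("index.html", b"<h1>Welcome</h1>"), ("about.html", b"<p>About</p>")):
            with open(os.path.join(site, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        with open(os.path.join(site, "index.html"), "wb") as fh:
            fh.write(b"<h1>replaced page</h1>")  # content differs from baseline
        with open(os.path.join(site, "new.txt"), "wb") as fh:
            fh.write(b"unexpected file")  # path absent from baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline stored on the same server can be rewritten by whoever changed the files, so keep it on another host or on read-only media and run the comparison from the daily job.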