Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Ajai Khattri
On Fri, 11 Sep 2009, Daniel Convissor wrote:
> They must have some evidence indicating a problem exists. They need to
> tell you what that evidence is. Then you'll have a direction to go in.
That's not always the case: they could have seen something as simple as a sudden increase in load or

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Ajai Khattri
On Fri, 11 Sep 2009, Eddie Drapkin wrote:
> Speaking of firewall lock down, I'm a big fan of the iptables
> configurations that deny access to ALL ports that aren't explicitly
> allowed
Yes, that's much like what I do these days. Not only what's coming in, but also strict iptable rules on what's

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Daniel Convissor
Hey Randal:
> "Your VPS has been either hacked or an insecure script has been used
> to upload stuff. We have tar'ed up the data was being used
> (/tmp/b.tar.gz) You need to have your developer take a look at your
> sites code to determine any vulnerabilities"
They must have some evidence indicat

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Eddie Drapkin
On Fri, Sep 11, 2009 at 4:11 PM, Ajai Khattri wrote:
> On Fri, 11 Sep 2009, Randal Rust wrote:
>
>> That's what I was thinking actually. There has to be something
>> *somewhere* that would give me an indication of where the issue lies.
>
> Finding the source of a break-in like this can be notoriou

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Ajai Khattri
On Fri, 11 Sep 2009, Randal Rust wrote:
> That's what I was thinking actually. There has to be something
> *somewhere* that would give me an indication of where the issue lies.
Finding the source of a break-in like this can be notoriously difficult. Much better to wipe the drive and reinstall us

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Randal Rust
On Fri, Sep 11, 2009 at 3:26 PM, Chris Snyder wrote:
>> old version of CakePHP that we inherited.
> Heh. You mean the version you can't upgrade because it would break everything?
Of course:)
> Maybe it's time to see if you can put a Web Application Firewall in
> front of the box or install mod

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Chris Snyder
On Fri, Sep 11, 2009 at 3:16 PM, Randal Rust wrote:
> On Fri, Sep 11, 2009 at 3:11 PM, Chris Snyder wrote:
>
>> They tar'd up the data from where? It might help you to know what
>> directory it was uploaded to.
>
> Yeah, they seem to be short on that detail, even though I posed the question.
>
>>

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Randal Rust
On Fri, Sep 11, 2009 at 3:11 PM, Chris Snyder wrote:
> They tar'd up the data from where? It might help you to know what
> directory it was uploaded to.
Yeah, they seem to be short on that detail, even though I posed the question.
> But really, the problem could be anywhere in the system. I am

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Randal Rust
On Fri, Sep 11, 2009 at 3:09 PM, Tim Lieberman wrote:
> I'd have a look at the owner and timestamps on the naughty files.  Are they
> owned by the web server user?  If so, check server logs in the period
> leading up to the file modification times.
Well the problem there is that they've all been

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Chris Snyder
On Fri, Sep 11, 2009 at 2:37 PM, Randal Rust wrote:
>
> "Your VPS has been either hacked or an insecure script has been used
> to upload stuff. We have tar'ed up the data was being used
> (/tmp/b.tar.gz) You need to have your developer take a look at your
> sites code to determine any vulnerabili

Re: [nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Tim Lieberman
I'd have a look at the owner and timestamps on the naughty files. Are they owned by the web server user? If so, check server logs in the period leading up to the file modification times. If they're owned by some other user, make sure that user account is secure. I've seen plenty of inst

[nyphp-talk] Issues with server getting hacked

2009-09-11 Thread Randal Rust
We have suddenly started having issues with one of our servers with a local hosting company. We have never had any issues at all for the 6-7 years we've used their servers (we have a total of 5-6). Anyway, this one server went down last week, and tech support said: "Your VPS has been either hacked