[nycphp-talk] Issues with server getting hacked

Randal Rust randalrust at gmail.com
Fri Sep 11 14:37:27 EDT 2009


We have suddenly started having issues with one of our servers with a
local hosting company. We have never had any issues at all for the 6-7
years we've used their servers (we have a total of 5-6). Anyway, this
one server went down last week, and tech support said:

"Your VPS has been either hacked or an insecure script has been used
to upload stuff. We have tar'ed up the data was being used
(/tmp/b.tar.gz) You need to have your developer take a look at your
sites code to determine any vulnerabilities"

To which I responded, "ok, assume that we believe all of our scripts
are secure. in looking at the logs, how do i pinpoint that someone
is/was trying to upload something?"

Tech support was less than helpful after that. So I pose the question
to the list. How do I pinpoint the issue? There are about five domains
running on the site, and we did not have any issues until we upgraded
a ZenCart install for one of the sites.

-- 
Randal Rust
R.Squared Communications
www.r2communications.com
614-370-0036


