NYCPHP Meetup

NYPHP.org

[nycphp-talk] Issues with server getting hacked

Daniel Horning dan.horning at planetnoc.com
Sat Sep 12 07:30:20 EDT 2009


One thing I haven't seen is too much help with finding tools that make
problems like this scarce if not non-existant...

I've been using an application called Atomic Secured Linux - it just works
and the team behind it makes updates to the rules constantly

but it's not just mod-sec rules - it also has some things to help you
enforce good password policy

http://tinyurl.com/asl-danhorning

hope that also helps out some server admins.
--
Dan Horning

American Digital Services - Where you are only limited by imagination.
dan.horning at planetnoc.com :: http://www.americandigitalservices.com
1-518-444-0213 x502 . toll free 1-800-863-3854 . fax 1-888-474-6133
15 Third Street, PO Box 746, Troy, NY 12180 (by appointment only)

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-
> bounces at lists.nyphp.org] On Behalf Of Randal Rust
> Sent: Friday, September 11, 2009 2:37 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Issues with server getting hacked
> 
> We have suddenly started having issues with one of our servers with a
> local hosting company. We have never had any issues at all for the 6-7
> years we've used their servers (we have a total of 5-6). Anyway, this
> one server went down last week, and tech support said:
> 
> "Your VPS has been either hacked or an insecure script has been used
> to upload stuff. We have tar'ed up the data was being used
> (/tmp/b.tar.gz) You need to have your developer take a look at your
> sites code to determine any vulnerabilities"
> 
> To which I responded, "ok, assume that we believe all of our scripts
> are secure. in looking at the logs, how do i pinpoint that someone
> is/was trying to upload something?"
> 
> Tech support was less than helpful after that. So I pose the question
> to the list. How do I pinpoint the issue? There are about five domains
> running on the site, and we did not have any issues until we upgraded
> a ZenCart install for one of the sites.
> 
> --
> Randal Rust
> R.Squared Communications
> www.r2communications.com
> 614-370-0036
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> http://www.nyphp.org/show_participation.php




More information about the talk mailing list