you should make a copy of your current harddrive, and lock the otherone in a
safe or something , so that you can always make additional copy's.
This requires a same sized harddisk in a other working system..

But that is propably not what you have,

You should check your webserver logs/ftp logs, for bogus entries
Note that firewalling does not prevent webdefacements, why? Well port
is allowed traffic, so people can get in.

IT might be possible that your ftp server got breached, what version did you
What webserver did you run? with php? Is there even the slightest
possibility that
you had rwx settings on the tree where your webfiles are in, so that one
could have written code to it, or even worse, changing your index file.

I had it myself with a bogus Slashdot topic script, that allowed remote
to write into my files, one of my includes was overwritten and i got a
website, instead of my three tabled layout ... oops, was the script and rwx
permissions in the tree..

Goodluck !!


Kind regards,

Remko Lodder Dutch community for helping newcomers on the

-----Oorspronkelijk bericht-----
[mailto:[EMAIL PROTECTED] re re
Verzonden: maandag 8 maart 2004 19:56
Onderwerp: hacked

despite having ipfilter blocking all ports except 80 21 and 22, tripwire,
and scoring 999999 in nmap, my website got defaced.
the box is currently unplugged.  i wanted to know what is the best way to
find out who did it and how they got in, and what to do from here.  tripwire
shows a lot of files changed, most of which could be attributed to cvsup'ing
recently.  any other security precautions to take disaster recovery guides?
i've already changed p/w's on my other boxes.
Check out the latest SMS services @
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to