One thing I haven't seen is too much help with finding tools that make problems like this scarce if not non-existant...
I've been using an application called Atomic Secured Linux - it just works and the team behind it makes updates to the rules constantly but it's not just mod-sec rules - it also has some things to help you enforce good password policy http://tinyurl.com/asl-danhorning hope that also helps out some server admins. -- Dan Horning American Digital Services - Where you are only limited by imagination. dan.horn...@planetnoc.com :: http://www.americandigitalservices.com 1-518-444-0213 x502 . toll free 1-800-863-3854 . fax 1-888-474-6133 15 Third Street, PO Box 746, Troy, NY 12180 (by appointment only) > -----Original Message----- > From: talk-boun...@lists.nyphp.org [mailto:talk- > boun...@lists.nyphp.org] On Behalf Of Randal Rust > Sent: Friday, September 11, 2009 2:37 PM > To: NYPHP Talk > Subject: [nyphp-talk] Issues with server getting hacked > > We have suddenly started having issues with one of our servers with a > local hosting company. We have never had any issues at all for the 6-7 > years we've used their servers (we have a total of 5-6). Anyway, this > one server went down last week, and tech support said: > > "Your VPS has been either hacked or an insecure script has been used > to upload stuff. We have tar'ed up the data was being used > (/tmp/b.tar.gz) You need to have your developer take a look at your > sites code to determine any vulnerabilities" > > To which I responded, "ok, assume that we believe all of our scripts > are secure. in looking at the logs, how do i pinpoint that someone > is/was trying to upload something?" > > Tech support was less than helpful after that. So I pose the question > to the list. How do I pinpoint the issue? There are about five domains > running on the site, and we did not have any issues until we upgraded > a ZenCart install for one of the sites. > > -- > Randal Rust > R.Squared Communications > www.r2communications.com > 614-370-0036 > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php
