Full Disclosure mailing list archives
Re: Hosting Provider Refuses to Share Server Logs - How to Proceed?
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Tue, 02 Aug 2005 09:48:54 -0400
I've never dealt with an intrusion before, but I am the tech for the
That's all you need to say.The server logs probably won't tell you exactly what happened, and it doesn't matter anyway. ANYTIME you have a hack, regardless of how trivial, you rebuild from scratch.
Why? Because you'll never know what was left behind. I've been doing post-mortum analysis of hacked boxes for years, and I still don't trust my own abilities to find everything -- thus they all get rebuilt offline, and nothing that's executable (directly or otherwise), and no config files get restored.
More specifics on the exact config, and we can give links on how to secure the next install (eg: what httpd, what O/S, etc.).
Cheers, Michael Holstein CISSP GCIA Cleveland State University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Hosting Provider Refuses to Share Server Logs - How to Proceed? GeeEm (Aug 02)
- Re: Hosting Provider Refuses to Share Server Logs - How to Proceed? Michael Holstein (Aug 02)
- Re: Hosting Provider Refuses to Share Server Logs - How to Proceed? Michael Ströder (Aug 02)
- Re: Hosting Provider Refuses to Share Server Logs - How to Proceed? Michael Holstein (Aug 02)
- Re: Hosting Provider Refuses to Share Server Logs - How to Proceed? Michael Ströder (Aug 02)
- RE: Hosting Provider Refuses to Share Server Logs -How to Proceed? Aditya Deshmukh (Aug 02)
- Re: Hosting Provider Refuses to Share Server Logs - How to Proceed? Michael Holstein (Aug 02)