Full Disclosure mailing list archives
Re: one of my servers has been compromized
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Mon, 05 Dec 2011 12:07:16 -0600
--On December 5, 2011 11:44:04 AM +0100 Lucio Crusca <lucio () sulweb org> wrote:
Now the problem is: how do I pervent further abuse? What should I search in the logs (if anything) to spot the security hole?
Install mod-security and write custom rules to prevent the hack. Look in your webserver logs to see what they did to get in. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson "There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: one of my servers has been compromized, (continued)
- Re: one of my servers has been compromized James Condron (Dec 05)
- Re: one of my servers has been compromized John Jacobs (Dec 05)
- Re: one of my servers has been compromized Lucio Crusca (Dec 05)
- Re: one of my servers has been compromized Tim (Dec 05)
- Re: one of my servers has been compromized John Jacobs (Dec 05)
- Re: one of my servers has been compromized Guillaume Friloux (Dec 06)
- Re: one of my servers has been compromized Tim (Dec 05)
- Re: one of my servers has been compromized Valdis . Kletnieks (Dec 06)