Hi, "Dzuy M. Nguyen" <[EMAIL PROTECTED]> writes:
> Someone hacked into my linux web server and caused some problems. I'm still > trying to figure it out. Anybody have a good link for linux security? www.securityfocus.com has some decent information, though the Javascript they use is a PITA. Also, try www.rootshell.com or a dozen others which have slipped my mind for now. You should find links from these two stites. It's vitally important to keep abreast of the latest security updates, especially for a production machine. I think [email protected] will carry all the security notices. Check the archives. > I'm not sure how they got in, so any suggestions would be great. A current favourite is ADMROCKS, if you're running DNS on that machine. Take a look (based on potato) at /var/cache/bind and see if it's got a file called ADMROCKS sitting in there. Versions of bind < 8.2.2P3 are vulnerable (IIRC). For a system that's purely a web server, the best bet is a dodgy CGI script. -- Graeme. [EMAIL PROTECTED] "Life's not fair," I reply. "But the root password helps." - BOFH

