On Nov 9, 2007 9:27 AM, robert mena <[EMAIL PROTECTED]> wrote:
> Hi,
>
> One server that hosts several domains ended up with the message "Owned
> by W4n73d H4ck3r". While still performing an audit I am very
> confident that this was caused by a php script (it is a linux server)
> uploaded via FTP or by a defective site hosted (perhaps vulnerable
> version of a CMS).
>
> The symptons seem clear, files owned by apache are vulnerable and the
> attacker script scanned the web tree and started running.
>
> So, basically two questions:
> - how to detect where this came from
> - how to prevent it from happening again
>
> Thanks.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Robert,
That's really not so much a PHP question, but a general Linux
security question. Primarily, my job is computer forensics and
security, so if you'd like, you can reply to me off-list and I'll be
glad to offer you a hand.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
