----- "Alan Pope" <[EMAIL PROTECTED]> wrote: > On Thu, Dec 27, 2007 at 07:34:23AM +0000, Sean Miller wrote: > > I am aware this isn't Ubuntu related, but I'm tearing my hair out. > > > > For the past week or so some folks have been constantly hacking my > > webserver... it's running Cent-OS I believe, but I don't have the > knowledge > > to work out how they're getting in. > > > > First thing I'd do is shut it down and restore from backup. You have > discovered that no matter how much you clean up there's no way you can > be > sure they cant get in again. > > Make sure you have up to date secure versions of all installed web > apps. If > processes are owned by apache then chances are its a compromised > script > running on the site that they are getting in through. >
The worst app for security I've ever come across is phpBB Nuke, or postnuke. If someone is running one of those, make sure its up-to-date. I've never had a problem with phpBB2 (except for spammers ;)) -- Blog: http://www.kirrus.co.uk UK Plone Hosting: http://www.plone-hosting.co.uk RPGs: Captain Senaris Vlenn, CO, USS Sarek Lt Aieron Peters, XO DS5 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
