[TriLUG] I've got intruders!!
Neil L. Little
nllittle at vnet.net
Tue May 16 19:58:49 EDT 2006
There were no PHP scripts running.
The HTTP server was running WebGUI, a content management application
based on Perl.
Neil Little, WA4AZL
JARS Forever!! ..er TRILUG too!!
> Are you running any php scripts? I've seen this happen on my box once..
> There's a nasty css vulnerability in horde and other php apps which can
> be exploited easily.
>
> regards,
> Jason
>
> On Mon, May 15, 2006 at 09:02:24PM -0400, Neil L. Little wrote:
>
>>> I recently discovered that the web server I have been working on has
>>> been compromised and is relaying spam. Because it was a test server
>>> there is nothing really important lost but it does kinda tick me off.
>>>
>>> Of course I have taken it off the network but now I need to see how
>>> "they" got in, what was done, and what I did wrong.
>>> I'm thinking a hole in my firewall. Also, rootkit. Then what they did to
>>> Sendmail (that's a little further down on the list and unimportant right
>>> now).
>>> I remember that I had a problem testing my firewall because TWC has one
>>> up on their cable modem and it led me astray for a while thinking I
>>> had the telnet port open.
>>>
>>> Sooooo....
>>> Can anyone suggest some reading material on the subject at hand?
>>> My initial search came up with:
>>> Real World Linux Security: Intrusion Prevention, Detection and Recovery
>>> by Bob Toxen
>>> Linux Server Security by Michael D. Bauer.
>>>
>>> Is there a definitive (or just useful) book out there for someone just
>>> discovering that he crapped out in the security turkey shoot?
>>>
>>> Thanks in advance for the help!
>>>
>>> Neil Little, WA4AZL
>>> JARS Forever!! ..er TRILUG too!!
>>>
>>> Spammers = 1, Home team = 0
>>