unknown scripts are running the server

Net Llama! netllama
Mon May 17 11:55:55 PDT 2004


On Fri, 21 Nov 2003, Swapana Ghosh wrote:
> Hi
>
> >>Did you wipe & reload the OS after the box was compromised?  If so, did
> >>you close the hole that allowed the crackers in?
>
> No, we did not reload the OS after the server was compromised.. Basically the

Then you are wasting your time.  If your box gets compromised in any way,
the only solution is to reload the OS, restore the data that you are
confident is secure, patch the hole, and then get back to production.
Anything less will result in failure all over again.

> server is in a different place and we work with remote..

That is no excuse.

>
> Both the servers are patched with the latest patch..

What latest patch?  Unless this is windoze, there is no 'latest patch' for
a Unix(-like) OS.

> To be very frank we could not find out the *hole*, through which the crackers
> came into.. But phpnuke is running at the server.. And those crackers corrupted
> all our sites basically. So we are assuming that they enter using
> apache/php/phpnuke....

Then you owe it to your customer to either upgrade to the latest version
of phpnuke.  If you're already on that version, you need to determine if
that is truly the entry point.  Surely there must be some kind of forum
for phpnuke users where this can be discussed.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lonni J Friedman				netllama at linux-sxs.org
Linux Step-by-step & TyGeMo		     http://netllama.ipfox.com

