Re: security advice



Op 25-8-2010 9:14, Andrei Popescu schreef:
Hello,
I had something like this also.. I still have all the files, but in
my case the "hacker" just runned a CounterStrike server on my box. I have
found the exploit in a website that I host, it was an oscommerce and it had
a security issue in the pictures folder.. don't know how he had access but
the thing is he managed to reinstall openssh and somehow he got the root
password (not change it, I saw him logging in the box with my password, and
yes, the password was 18 characters, with letters and numbers and it didn't
mean anything).
So as somebody already said. You should watch for web application in
general. I managed to secure the oscommerce app and now everything is ok.


Best regards,
Andrei Popescu
IT Manager
Alttab Profit SRL
Tel: +4-0723.286.813
Fax: +4-021.210.33.65


Hi,

Be warned! Usually it is never "only a counterstrike server". Do not trust the box and reinstall. I've seen and investigated a hacked box where it was thought to "only run a psybounce". It turned out a lot more was happening but since the kernel was made to shut up about it, it would not show the rest of the activities. It was a database server for provisioning an ISP. A lot of people were surprised when their free adsl connection was shutdown and a bill was sent.

Investigate, reinstall and close the loopholes.

Best regards,

Erik

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------