[Cialug] URGENT! How to list all files new/modified last 24 hours
Nicolai
nicolai-cialug at chocolatine.org
Fri Oct 26 12:02:55 CDT 2012
On Fri, Oct 26, 2012 at 11:10:43AM -0500, Afan Pasalic wrote:
> they changed every index.php file
Ah, good ol' PHP. If you don't scrap it, then follow Josh's advice to
the letter. But it would be better to scrap it IMO. Then take the time
to set up a chroot webserver (nginx and Apache are both chroot by
default on OpenBSD).
If you're going to take the time to do something, it may as well be to
build something that lasts.
> Looks like they got in through my old website I coded myself. They found
> the hole.
I admire your honesty. Lots of people in the same situation try to
"hide" the details to protect their supposed image, rather than be open
about it and learn from the experience. Their efforts are transparent
and have the opposite effect.
> I talked to tech support and the guy said they got in through FTP but I
> doubt it.
Unless this is chroot non-root UID anonymous read-only FTP, it should be
turned off. Use SFTP or scp instead, already provided by OpenSSH.
Nicolai
More information about the Cialug
mailing list