[Cialug] URGENT! How to list all files new/modified last 24 hours
Josh More
jmore at starmind.org
Fri Oct 26 12:05:36 CDT 2012
To be clear... I am also advocating scrapping it and rebuilding. I
just think that after it's rebuilt, you should use Suhosin and
Mod_Security and then use AppArmor to chroot it. (There are other
ways to chroot... I just like AppArmor the best.)
AppArmor can also do cool stuff with your back end databases.
You can also look at CloudFlare and Incapsula if you want additional
cloudy protection.
-Josh
On Fri, Oct 26, 2012 at 12:02 PM, Nicolai
<nicolai-cialug at chocolatine.org> wrote:
> On Fri, Oct 26, 2012 at 11:10:43AM -0500, Afan Pasalic wrote:
>
>> they changed every index.php file
>
> Ah, good ol' PHP. If you don't scrap it, then follow Josh's advice to
> the letter. But it would be better to scrap it IMO. Then take the time
> to set up a chroot webserver (nginx and Apache are both chroot by
> default on OpenBSD).
>
> If you're going to take the time to do something, it may as well be to
> build something that lasts.
>
>> Looks like they got in through my old website I coded myself. They found
>> the hole.
>
> I admire your honesty. Lots of people in the same situation try to
> "hide" the details to protect their supposed image, rather than be open
> about it and learn from the experience. Their efforts are transparent
> and have the opposite effect.
>
>> I talked to tech support and the guy said they got in through FTP but I
>> doubt it.
>
> Unless this is chroot non-root UID anonymous read-only FTP, it should be
> turned off. Use SFTP or scp instead, already provided by OpenSSH.
>
> Nicolai
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list