[Cialug] URGENT! How to list all files new/modified last 24 hours
Afan Pasalic
afan at afan.net
Fri Oct 26 12:12:55 CDT 2012
That would be great. But, this is "shared hosting" kind of server and I
don't have access to these things.Though, even I have dedicated server,
I don't think my "knowledge" will allow me to do it :-)
On 10/26/2012 12:05 PM, Josh More wrote:
> To be clear... I am also advocating scrapping it and rebuilding. I
> just think that after it's rebuilt, you should use Suhosin and
> Mod_Security and then use AppArmor to chroot it. (There are other
> ways to chroot... I just like AppArmor the best.)
>
> AppArmor can also do cool stuff with your back end databases.
>
> You can also look at CloudFlare and Incapsula if you want additional
> cloudy protection.
>
> -Josh
>
> On Fri, Oct 26, 2012 at 12:02 PM, Nicolai
> <nicolai-cialug at chocolatine.org> wrote:
>> On Fri, Oct 26, 2012 at 11:10:43AM -0500, Afan Pasalic wrote:
>>
>>> they changed every index.php file
>> Ah, good ol' PHP. If you don't scrap it, then follow Josh's advice to
>> the letter. But it would be better to scrap it IMO. Then take the time
>> to set up a chroot webserver (nginx and Apache are both chroot by
>> default on OpenBSD).
>>
>> If you're going to take the time to do something, it may as well be to
>> build something that lasts.
>>
>>> Looks like they got in through my old website I coded myself. They found
>>> the hole.
>> I admire your honesty. Lots of people in the same situation try to
>> "hide" the details to protect their supposed image, rather than be open
>> about it and learn from the experience. Their efforts are transparent
>> and have the opposite effect.
>>
>>> I talked to tech support and the guy said they got in through FTP but I
>>> doubt it.
>> Unless this is chroot non-root UID anonymous read-only FTP, it should be
>> turned off. Use SFTP or scp instead, already provided by OpenSSH.
>>
>> Nicolai
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list