[Cialug] URGENT! How to list all files new/modified last 24 hours

chris rheinherren c.rheinherren at gmail.com
Fri Oct 26 12:24:41 CDT 2012


Afton,

I'm a bit of a newbie myself still. You could do it. Linux only sounds hard
and has that reputation. It's actually easy when you get into it.



On Fri, Oct 26, 2012 at 12:12 PM, Afan Pasalic <afan at afan.net> wrote:

> That would be great. But this is a "shared hosting" kind of server and I
> don't have access to these things. Though, even if I have a dedicated server, I
> don't think my "knowledge" will allow me to do it :-)
>
> On 10/26/2012 12:05 PM, Josh More wrote:
>
>> To be clear... I am also advocating scrapping it and rebuilding.  I
>> just think that after it's rebuilt, you should use Suhosin and
>> Mod_Security and then use AppArmor to chroot it.  (There are other
>> ways to chroot... I just like AppArmor the best.)
>>
>> AppArmor can also do cool stuff with your back end databases.
>>
>> You can also look at CloudFlare and Incapsula if you want additional
>> cloudy protection.
>>
>> -Josh
>>
>> On Fri, Oct 26, 2012 at 12:02 PM, Nicolai
>> <nicolai-cialug at chocolatine.org> wrote:
>>
>>> On Fri, Oct 26, 2012 at 11:10:43AM -0500, Afan Pasalic wrote:
>>>
>>>> they changed every index.php file
>>>
>>> Ah, good ol' PHP.  If you don't scrap it, then follow Josh's advice to
>>> the letter.  But it would be better to scrap it IMO.  Then take the time
>>> to set up a chroot webserver (nginx and Apache are both chroot by
>>> default on OpenBSD).
>>>
>>> If you're going to take the time to do something, it may as well be to
>>> build something that lasts.
>>>
>>>> Looks like they got in through my old website I coded myself. They found
>>>> the hole.
>>>
>>> I admire your honesty.  Lots of people in the same situation try to
>>> "hide" the details to protect their supposed image, rather than be open
>>> about it and learn from the experience.  Their efforts are transparent
>>> and have the opposite effect.
>>>
>>>> I talked to tech support and the guy said they got in through FTP but I
>>>> doubt it.
>>>
>>> Unless this is chroot non-root UID anonymous read-only FTP, it should be
>>> turned off.  Use SFTP or scp instead, already provided by OpenSSH.
>>>
>>> Nicolai
>>> _______________________________________________
>>> Cialug mailing list
>>> Cialug at cialug.org
>>> http://cialug.org/mailman/listinfo/cialug
>>>
>
