|
Full Disclosure
mailing list archives
Re: one of my servers has been compromized
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Mon, 05 Dec 2011 12:07:16 -0600
--On December 5, 2011 11:44:04 AM +0100 Lucio Crusca <lucio () sulweb org>
wrote:
Now the problem is: how do I pervent further abuse? What should I search
in the logs (if anything) to spot the security hole?
Install mod-security and write custom rules to prevent the hack. Look in
your webserver logs to see what they did to get in.
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: one of my servers has been compromized Lucio Crusca (Dec 05)
Re: one of my servers has been compromized Dave (Dec 05)
Re: one of my servers has been compromized Paul Schmehl (Dec 05)
Re: one of my servers has been compromized Aris Adamantiadis (Dec 06)
| 
