North American Network Operators Group
Re: shared hosting and attacks [FWD: [funsec] HostGator: cPanel Security Hole Exploited in Mass Hack]
- From: Peter Corlett
- Date: Sun Sep 24 05:52:14 2006
On 24 Sep 2006, at 04:00, Gadi Evron wrote:
> With thousands of sites on every server and virtual machines

Hence why I'm rather partial to the ROT13 of a certain such

> all it takes is one insecure web application such as xxxBB or PHPxx
> the server to be remote accessed, and for a remote connect-back
> be installed. The rest is history.
> We all (well, never say all, every, never, ever, etc.), many of us

Well, I *did* at one point have a script that looked for files with
any of a list of MD5 sums and chmod them 000 if it found one.
Grepping for "Matt Wright" in Perl scripts and chmodding them is also
not a bad idea :)

> this. What solutions have you found?
> Some solutions I heard used, or utilized:
> 1. Remote scanning of web servers.

Actually, even bothering to use Unix user accounts rather than
running everything under the Apache uid (or sometimes nobody or
root!) would be a fine start.

> 2. Much stronger security enforcement on servers.
> 3. "Quietly patching" user web applications without permission.

I would like to plead the Fifth at this point.
This seems to be a popular enough technique, as long as the money
still keeps rolling in, but not one I particularly subscribe to
because the bad reputation gets round after a while.

> 4. JGH - Just getting hacked.

Hacked accounts aren't evenly distributed over the customer base. A
judiciously-applied account suspension or bollocking goes a long way.

> What have you encountered? What have you done, sorry, heard of someone
> else do, to combat this very difficult problem on your networks?
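
The MD5-list sweep mentioned in the message above, sketched as an added example; it is not Peter Corlett's script and not part of the original post. The function name `scan_and_lock`, the sample tree and its file names are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def scan_and_lock(root, bad_md5s, dry_run=False):
    """Return files under root whose MD5 is listed; chmod them 000 unless dry_run."""
    hits = []
    # O_NOFOLLOW: never hash or chmod through a customer-planted symlink.
    # O_NONBLOCK: do not hang on a FIFO left in a docroot.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                fd = os.open(path, flags)
            except OSError:
                continue  # symlink, unreadable, or removed mid-scan
            try:
                if not stat.S_ISREG(os.fstat(fd).st_mode):
                    continue
                digest = hashlib.md5()  # matching against a list, not integrity
                for block in iter(lambda: os.read(fd, 65536), b""):
                    digest.update(block)
                if digest.hexdigest() in bad_md5s:
                    if not dry_run:
                        os.fchmod(fd, 0)  # same descriptor we hashed: no race
                    hits.append(path)
            finally:
                os.close(fd)
    return sorted(hits)

def demo():
    """Constructed tree: one listed script, one benign page, one symlink."""
    root = tempfile.mkdtemp()
    bad, good = os.path.join(root, "listed.pl"), os.path.join(root, "index.html")
    for path, body, mode in ((bad, b"#!/usr/bin/perl\n# constructed\n", 0o755),
                             (good, b"<html>ok</html>\n", 0o644)):
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    os.symlink(bad, os.path.join(root, "alias.pl"))
    blocklist = {hashlib.md5(b"#!/usr/bin/perl\n# constructed\n").hexdigest()}
    preview = scan_and_lock(root, blocklist, dry_run=True)
    hits = scan_and_lock(root, blocklist)
    mode = lambda p: stat.S_IMODE(os.lstat(p).st_mode)
    return bad, preview, hits, mode(bad), mode(good)

if __name__ == "__main__":
    print(demo())
```

An exact-hash list only matches byte-identical copies, so a script a customer has edited will not be caught by it.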