On any given day there is a whole slew of bots running scans on random sites/IP ranges, accessing known URLs to find an array of exploitable scripts. Once a bot finds one, it attempts to exploit the script, usually writing files to /tmp and then executing them. The files they write and execute are usually back doors to the server.
The best way to protect against that is to set your /tmp dir to be noexec, and link your other tmp directories there as well.
But then they occasionally go and find other writable directories. If you find a hacker's script in your domain's files, then your directory is probably set writable for the Apache web service to write to it.
So not only do you always want to make sure you have the latest updates of all scripts you are running, but you also want to make sure your directory permissions are secure: don't allow writing where it isn't needed. Be careful with setting stuff to 777, etc.
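
A small audit of both points above, as an added example that is not part of the original post: it checks whether /tmp is mounted noexec and lists world-writable directories under a web root. It assumes Linux (`/proc/mounts`); the function names are illustrative and the docroot path is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit the two things the post recommends checking.
# Assumes Linux (/proc/mounts); the docroot path is given by the caller.

# Succeeds if mount point $2 is listed with the noexec option in $1
# (a file in /proc/mounts format). The last matching entry wins,
# because a later mount covers an earlier one.
mount_has_noexec() {
    awk -v mp="$2" '
        $2 == mp {
            found = 1; ok = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "noexec") ok = 1
        }
        END { if (found && ok) exit 0; exit 1 }
    ' "$1"
}

# Lists directories under $1 that any local user, including the
# web server account, can write to (the "other" write bit, as in 777).
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 2>/dev/null | sort
}

# Run the audit only when a docroot is given: sh audit.sh /path/to/docroot
if [ "$#" -ge 1 ]; then
    if mount_has_noexec /proc/mounts /tmp; then
        echo "OK: /tmp is mounted noexec"
    else
        echo "WARN: /tmp is not a separate noexec mount"
    fi
    # Other tmp directories should be linked to /tmp or be noexec too.
    if [ -d /var/tmp ] && [ ! -L /var/tmp ] &&
       ! mount_has_noexec /proc/mounts /var/tmp; then
        echo "WARN: /var/tmp is neither a symlink nor a noexec mount"
    fi
    echo "World-writable directories under $1:"
    world_writable_dirs "$1"
fi
```

Any directory the second check reports should be reviewed and tightened unless the application really needs to write there.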