Thread: r57Shell
01-01-2011, 02:40 PM
u-Bob
The attacker was able to install that r57shell script. That does tell you one thing: the server has been compromised. It doesn't tell you how they got in, what they did or what level of access they eventually acquired.

Once you've determined that the server has been compromised, there is one thing you absolutely need to do: wipe and reinstall the server.

While going through your logs, scanning for rootkits, auditing your scripts, etc. is recommended to find out more information about how they got in (information you can use to prevent future compromises), it does not change the fact that the server needs to be reinstalled.

A system that has been compromised is a system that can no longer be trusted.