Thread: Website deface

  1. #1
    Join Date
    May 2004
    Location
    Malaysia
    Posts
    178

    Website deface

    Hi,

    One of my client's websites was defaced! How do I know if my server is still secure? How do I trace where this hacker came in?

  2. #2
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Always good to first let us know a few details and what security you already have in place.

    For example:
    Are you using Linux or Windows?
    What Control Panel do you use?
    Has your 'tmp' directory been locked down?
    What security have you done in your 'php.ini' file?
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  3. #3
    Join Date
    Sep 2004
    Location
    Flint, Michigan
    Posts
    5,765
    It looks like you are running Linux and Apache.

    Download rkhunter and chkrootkit (do a search for more information on them). Install them and run them.

    What type of site was this person running? Was it a simple html site? PHPBB? Etc...
    Mike from Zoodia.com
    Professional web design and development services.
    In need of a fresh hosting design? See what premade designs we have in stock!
    Web design tips, tricks, and more at MichaelPruitt.com

  4. #4
    Join Date
    May 2004
    Location
    Malaysia
    Posts
    178
    I'm running CentOS with DirectAdmin.
    I paid once for initial security setup.

    I ran rkhunter and chkrootkit but found nothing unusual.

  5. #5
    Join Date
    Sep 2004
    Location
    Flint, Michigan
    Posts
    5,765
    What type of site was it that was defaced?

  6. #6
    Join Date
    May 2004
    Location
    Malaysia
    Posts
    178
    I'm not sure.

  7. #7
    Join Date
    Sep 2004
    Location
    Flint, Michigan
    Posts
    5,765
    Odds are that it was an insecure script and/or site. People that hack servers usually do not deface, but instead host warez and/or start DDoS attacks.

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    If the websites got defaced then your server is insecure in some way.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  9. #9
    Greetings:

    Originally posted by mygethosted:
        I'm running CentOS with DirectAdmin.
        I paid once for initial security setup.

        I ran rkhunter and chkrootkit but found nothing unusual.

    1. Root kit hunter and chkrootkit only check for root kits; root kits are only one means to hack / crack a server.

    2. A large number of attacks are web-based attacks not checked by either tool.

    3. Server security is a way of life. You don't harden a server once and call it done; it is throughout-the-day hardening, every single day.

    That stated:

    A. Make sure there are no suspicious files in /tmp, /var/tmp, or /dev/shm

    B. Make sure /tmp, /var/tmp, and /dev/shm are secured.

    C. Make sure your compilers and fetch-like utilities (e.g. /usr/bin/wget) are set to only allow the root user to use them.

    D. Install mod_security from http://www.modsecurity.org/ with a good rule set for your customer-base and automation tool(s).

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
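
A read-only audit covering items A to C from the post above, added here as an example and not written by anyone in the thread. The function names and the curl, gcc and cc entries are assumptions of this example; item D (mod_security) is not covered.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit for items A-C above.
# Function names and the curl/gcc/cc entries are assumptions of this example.

# Item B: print which of noexec,nosuid,nodev a mount point lacks.
# $1 = mount point, $2 = table in /proc/mounts format (default: /proc/mounts)
missing_mount_opts() {
    awk -v mp="$1" '
        $2 == mp { opts = $4; found = 1 }   # last matching entry wins
        END {
            if (!found) { print "not-a-separate-mount"; exit }
            n = split("noexec nosuid nodev", want, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (index("," opts ",", "," want[i] ",") == 0)
                    out = out (out == "" ? "" : ",") want[i]
            print out
        }' "${2:-/proc/mounts}"
}

# Item A: list regular files under a directory that have any execute bit set.
exec_files_in() {
    find "$1" -xdev -type f \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null
}

# Item C: exit 0 if group or other may execute the file (mode bits only;
# ownership and ACLs are not examined).
runnable_by_others() {
    [ -n "$(find -L "$1" -prune \( -perm -010 -o -perm -001 \) 2>/dev/null)" ]
}

audit_host() {
    for d in /tmp /var/tmp /dev/shm; do
        echo "$d missing mount options: $(missing_mount_opts "$d" 2>/dev/null)"
        exec_files_in "$d" | sed 's|^|  executable file: |'
    done
    for b in wget curl gcc cc; do
        p=$(command -v "$b") || continue
        if runnable_by_others "$p"; then
            echo "$p: executable by users other than its owner"
        fi
    done
}

audit_host
```

An empty "missing mount options" result means all three options are set; "not-a-separate-mount" means the directory lives on its parent filesystem and inherits that filesystem's options.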

  10. #10
    Join Date
    May 2004
    Location
    Malaysia
    Posts
    178
    Thank you to all for your responses. The site was defaced because of the client's weak FTP password.
