[kwlug-disc] server compromised

john at netdirect.ca john at netdirect.ca
Thu May 14 10:15:05 EDT 2009

kwlug-disc-bounces at kwlug.org wrote on 05/13/2009 06:58:31 PM:
> One of my friends in the US had his username/passwords hacked (I think 
> there was a big Time/Warner fiasco down there that caused it, got it 
> through hacking his ISP account somehow).  In any event, he had an ftp 
> account on my server.  The hackers got on to the server and toasted his 
> sites.
> If I'm running a normally secure linux webserver, and he's cleaned up 
> his mess on the server, do I really have anything else to worry about? 
> The hacker would only be able to get into his stuff if I'm correct - 
> they shouldn't be able to touch anything else.  Can I sleep soundly :) ?

In an ongoing discussion of compromised servers I'd like to suggest we 
talk about:

- Prevention,
- Detection,
- and Removal

Prevention is a huge topic. There may be many techniques that are obvious 
to people: use a firewall, strong passwords, timely patches, etc. I think 
it would be interesting to hear the unique techniques people are using to 
prevent hacks.

Practical forms of detection may not be as big of a topic, but I'd be 
interested to hear what people are using.

We talked already about removal and the "nuke" vs repair, but there may be 
other insights as well.

Any interested people?

John Van Ostrand
Net Direct Inc.
564 Weber St. N. Unit 12
Waterloo, ON N2L 5C6
john at netdirect.ca
Ph: 866-883-1172
Linux Solutions / IBM Hardware
Fx: 519-883-8533

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20090514/5bf2d02c/attachment-0003.html>

More information about the kwlug-disc mailing list