[kwlug-disc] server compromised
john at netdirect.ca
john at netdirect.ca
Thu May 14 10:15:05 EDT 2009
kwlug-disc-bounces at kwlug.org wrote on 05/13/2009 06:58:31 PM:
> One of my friends in the US had his username/passwords hacked (I think
> there was a big Time/Warner fiasco down there that caused it, got it
> through hacking his ISP account somehow). In any event, he had an ftp
> account on my server. The hackers got on to the server and toasted his
> sites.
>
> If I'm running a normally secure linux webserver, and he's cleaned up
> his mess on the server, do I really have anything else to worry about?
> The hacker would only be able to get into his stuff if I'm correct -
> they shouldn't be able to touch anything else. Can I sleep soundly :) ?
In an ongoing discussion of compromised servers I'd like to suggest we
talk about:
- Prevention,
- Detection,
- and Removal
Prevention is a huge topic. There may be many techniques that are obvious
to people: use a firewall, strong passwords, timely patches, etc. I think
it would be interesting to hear the unique techniques people are using to
prevent hacks.
Practical forms of detection may not be as big of a topic, but I'd be
interested to hear what people are using.
We talked already about removal and the "nuke" vs repair, but there may be
other insights as well.
Any interested people?
John Van Ostrand
Net Direct Inc.
CTO, co-CEO
564 Weber St. N. Unit 12
map
Waterloo, ON N2L 5C6
john at netdirect.ca
Ph: 866-883-1172
ext.5102
Linux Solutions / IBM Hardware
Fx: 519-883-8533
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20090514/5bf2d02c/attachment.htm>
More information about the kwlug-disc
mailing list