Re: an actual hacked machine, in a preserved state

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER <rilindo@xxxxxx> wrote:
> The script in question is an exploit from a web board which is apparently designed to pull outside traffic. If you had SELinux, it would put httpd in its own context and by default, it will NOT allow connections from that context to another. You have to enable it with:

The only time my server got hacked was because of phpBB. Using
cross-site scripting, the hacker managed to put a pl file and when I
ran it, it opened a console.
Apparently you are running one of the web boards. Pls follow up any
security advisories of that product and any addon/module closely.

If you are really curious how yours got hack. You can setup similar
system and put a bounty (maybe $1000) in one of the underground
community for anyone to hack it and tell you how they do it.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux