Re: an actual hacked machine, in a preserved state

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sun, Jan 1, 2012 at 6:03 PM, Fajar Priyanto <fajarpri@xxxxxxxxxx> wrote:

> On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER <rilindo@xxxxxx> wrote:
> > The script in question is an exploit from a web board which is
> apparently designed to pull outside traffic. If you had SELinux, it would
> put httpd in its own context and by default, it will NOT allow connections
> from that context to another. You have to enable it with:
>
> The only time my server got hacked was because of phpBB. Using
> cross-site scripting, the hacker managed to put a pl file and when I
> ran it, it opened a console.
> Apparently you are running one of the web boards.
>

I'm not running phpBB or vBulletin.  The script apparently runs on machine
X to attack a *different* machine Y where machine Y has vBulletin installed
on it.


> Pls follow up any
> security advisories of that product and any addon/module closely.
>
> If you are really curious how yours got hack. You can setup similar
> system and put a bounty (maybe $1000) in one of the underground
> community for anyone to hack it and tell you how they do it.
>
>
>

Is there a non-"underground" place to post such requests?  It's not illegal
to offer a bounty to someone for finding a security hole in your system --
Facebook, Google, and Mozilla all do it.

Bennett
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux