Karanbir Singh wrote:
Matthew T. O'Connor wrote:
Hello, I have a server running CentOS 4.3 with all the latest updates.
The server in question has been hacked by spammers a few times. The
details of the hack have been basically the same every time. I find
some directory created by the apache user account in /tmp. The new
directory contains an html file, and a list of email addresses to spam
and a perl script that spams all those email addresses with the html file.
sounds like scripts and bad code on the web-doc-root being exploited.
consder enabling SELinux. this is the sort of thing that selinux was
meant to prevent, and does a very good job of it.
I'll second that. SEL does a great job at stopping random daemons being
run on random ports...
I recently had exactly the same issue with a box being exploited to
install phishing scripts and it ended up being a security problem in a
PHP application called UBBthreads (forum software). There was a security
patch available i just hadn't been on the ball and got it installed in time.
Other things to look at are stopping outbound http to random hosts (if
you can) as its often the method the scripts get downloaded with. Also
renaming apps such as wget or curl or stopping them being accessed as
non root users can also help.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
