Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....




on 6-2-2009 10:18 PM bruce spake the following:
> you and i agree on him figuring out what web apps are causing the issues..
> or in fact, exactly what the 'attack' process is?  i didn't see the initial
> threads.. was this something that he discussed? did he say what the attack
> process was doing?
Who cares what it was doing? He stated he didn't know what it was. It could be
sending spam or making tea, it doesn't matter. It is running without his
knowledge.
> 
> my only point, was that reinstalling without understanding what was/is going
> on is a draconian step.. does it resolve the issue.. sure.. does it get to
> what might have been the cause.. not in my opinion...

Attack forensics is an art. There are people that make large sums of money
doing this because it is difficult. Does he have the time/resources to see
what happened, or does he just need to get his site up and working in the
least amount of time?

> 
> but hey.. there are different ways of approaching a problem...
> 

Either way you want to look at it, the box needs to at a minimum get off the
net. If the system only has remote access, it needs to be booted from some
sort of rescue system to isolate the base from the running system. If he has
local access, then all the work can be done from a local console. Back up
anything you want, but don't just restore everything to the rebuilt system;
check everything first. Then you can analyze, back up, wipe, pray, piss and
moan, drink, or whatever strikes your fancy. Just get the system off the
internet until it is not a (possible) threat anymore.




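One concrete form of the "boot from rescue media and check everything" step above, added here as an example that is not part of the thread: from the rescue environment, run rpm's own verify against the suspect root's package database and flag package-owned binaries whose digest changed or that went missing. The mount point /mnt/sysimage, the shell function names and the sample verify output are all assumptions/constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the list thread. Run from a rescue boot with the
# suspect root mounted (read-only) at $SUSPECT_ROOT. Because rpm and its
# database live on the (trusted) rescue media, the check is not subverted
# by a replaced rpm binary on the compromised disk; a tampered rpmdb on the
# suspect root would still hide changes, so treat a clean result as a hint.
SUSPECT_ROOT=${SUSPECT_ROOT:-/mnt/sysimage}   # assumed mount point

flag_changed_binaries() {
    # stdin: `rpm -Va` output. Each line is 9 attribute flags (or the word
    # "missing"), an optional type letter (c = config file), then the path.
    # Column 3 is '5' when the file's digest no longer matches the package.
    while read -r flags a b; do
        if [ -n "$b" ]; then ftype=$a; path=$b; else ftype=""; path=$a; fi
        [ "$ftype" = "c" ] && continue   # config drift is expected; review it separately
        case "$path" in
            /bin/*|/sbin/*|/usr/bin/*|/usr/sbin/*|/lib/*|/usr/lib/*) ;;
            *) continue ;;               # only system binaries/libraries here
        esac
        if [ "$flags" = "missing" ]; then
            printf 'MISSING %s\n' "$path"
        elif [ "$(printf '%s' "$flags" | cut -c3)" = "5" ]; then
            printf 'CHANGED %s\n' "$path"
        fi
    done
}

verify_suspect_root() {
    # --root makes rpm consult the suspect system's rpmdb, not the rescue media's.
    rpm -Va --root "$SUSPECT_ROOT" 2>/dev/null | flag_changed_binaries
}

# Constructed sample of rpm -Va output, so the parser can be exercised offline.
SAMPLE_RPM_VA='S.5....T.  c /etc/ssh/sshd_config
..5......    /bin/ps
.......T.    /usr/bin/ls
S.5....T.    /usr/bin/netstat
missing     /sbin/ifconfig
..5......    /var/log/lastlog'

demo() { printf '%s\n' "$SAMPLE_RPM_VA" | flag_changed_binaries; }

# Uncomment on a real rescue boot:  verify_suspect_root
demo
```

Anything it prints (here ps, netstat and ifconfig) is exactly the kind of file you do not copy back onto the rebuilt box; a changed timestamp alone (the T flag) is not reported because it does not by itself indicate replaced contents.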

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
