server hacked

4 posts / 0 new
Last post
#1 Sun, 06/01/2008 - 07:03
paulfromsurrey

server hacked

I think my server have some of the secuity problem. two of my websites got message

(Get better Security, You got hacked again if you want some help email romeo_darkmindz@msn.com)

Now two question i am running fedora5 and webmin1.42

i have other website so far they are ok just two domain i have the problem

i am thinking setting up new box what will be the linux of choice for better secuirty and functionality

i am going to buy virtualmin professional

please advise

I also like to know if joe or jimmy you like to see my sever if there is any secuirty holes needs to be fixed

Thanks Paulfromsurrey

computerfixguy@hotmail.com

Sun, 06/01/2008 - 07:16
ronald
ronald's picture

it seems not the server is hacked but the script running in those domains.
Some scripts are really badly written and can be exploited easily by appending for instance some string in the url.

Even joomla official website was hacked not too long ago, just to say if someone really sets their mind to it, no script is absolutely safe.

Look into the scripts running in those two domains and see what happened to it and check their documentation/forum for bugs and such.

in addition you can get a program like nessus (http://www.nessus.org/nessus/) to scan the server from your PC.

Sun, 06/01/2008 - 08:29 (Reply to #2)
paulfromsurrey

i have checked one of my site and find out it is index.php was changed

if you can help me add me on msn

computerfixguy@hotmail.com

Sun, 06/01/2008 - 12:02 (Reply to #3)
Joe
Joe's picture

As Ronald explained, you've got insecure scripts running. You may have other security problems, but the evidence definitely points to insecure scripts. Update the applications that allowed their index.php to be changed--if there is no update that fixes the security issues that allowed someone in, then you'll need to find a replacement application.

You can also improve the security of your system by switching to running all applications under suexec. I've discussed setting this up for Virtualmin GPL several times here in the forums (and it's mostly automatic under Virtualmin Professional). You do need an Apache package that has had suexec recompiled with docroot set to /home, however, and we don't provide one for Virtualmin GPL on Fedora (we do provide them for Fedora on Professional, and we provide them for CentOS on GPL...but we try to discourage folks from running Fedora on servers, as the lifecyle is just too short...stability of some applications can also be a problem on Fedora, as it is effectively the public beta of RHEL).

--

Check out the forum guidelines!

Topic locked