
Re: [atlarge-discuss] Hack Report




Abel Wisman wrote:

> To do forensics on remote almost non-existing knowledge of the server
> this was running on is impossible.
> If it is interesting at all, decent forensics on hacked machines are
> done locally.
>
> Undoubtedly it was a php exploit that was used, since the forum used
> php.

Probably.  I've found plenty of people use phpMyAdmin for the GUI ease of
handling of MySQL backends, though oftentimes they forget to htaccess
protect the phpMyAdmin directory which leaves the dbase wide open to
intrusion.  I wonder if that was the case here?

>
>
> It still means the entire server is compromised, only decent thing to do
> with that is replace disk, and start from scratch, been there, done
> that, got the diploma.

Exactly.

>
>
> Please, with all due respect NEVER state that "only a part" of the site
> was hacked, whoever did it rooted the machine: -eof-
>
> Most ideally you would have clean back-ups of all content.
>
> Sorry, but this is experience and realism

Amen.

Sincerely,

Sotiris Sotiropoulos

