[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Server Hacked

On Fri, 19 Aug 2005, Brian C wrote:

> Hi Peter,
> Peter Palfrader wrote:
> > On Thu, 18 Aug 2005, Brian C wrote:
> > 
> >>I run Debian-testing and generally stay on top of updates.
> > 
> > That's a silly thing to do.
> > 
> > http://www.debian.org/security/faq#testing
> If my server had been running stable, then, in my case at least, it
> would not have been running tor.

deb http://mirror.noreply.org/pub/tor sarge main

> I'm still sort of surprised that this group of what I thought was fairly
> skilled developers hasn't provided one link or suggestion on how best to
> 1) identify the vulnerability exploited on a hacked server or 2)
> identify the likely perpetrator of a defacement. Searching around I find
> lots about how to prevent hacks in the first place but very little
> that's helpful in dealing with it once it's happened.

Dealing once it's happened?  Reinstall, and don't run services that you
can't trust.  Anything PHP related, and phpbb are on the top of things
that I'ld blame, but you run so many things it's hard to tell and
crystall balls are hard to come by these days.

Nobody will be able to tell you what said cracker used with certainty
just from this single email.  Also, this is /not/ the OMG-I-got-0wned

 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/