Any of you run your own hosting servers? I run a few.
Late last night one of my oldest servers got rooted. It was somewhat amateurish in execution, for which I am thankful, and I caught them before they covered all their tracks and succeeded in getting everything they wanted set up. Still, it's a huge hassle and I've already set up a replacement server and I'm migrating domains over to it as I type this.
This server has been attacked dozens of times over the past few years, probed hundreds, and there have been marginally successful break-ins before. Nothing at the root level, but breaking a WordPress site here, abusing a PHP script to try and spam people there. I've had to remain pretty vigilant, but apparently I wasn't quite ahead of the curve on this last one.
Now, I'm not anti-hacker completely. As a kid I'd see what I could break into, but I never did any damage and if I was successful I would always alert the admins to the problem. This ticked some people off, and I understand that, but many were grateful. The attacks I see now are nothing of the sort. Hackers these days seem to be out to abuse the server for whatever gain they can get. Sending spam, setting up their own services, etc. Basically they are lowlife scum whom I would have no reservations pummeling with any number of blunt or sharp objects.
So who here deals with this issue? I use a variety of tools to keep an eye on things, and detect changes where there shouldn't be any. I'd like to find some good feeds to start following on security/exploits so I can keep further ahead and would love some recommendations.
2 Comments
Scrivs
Written May. 25, 2008
Stop using Windows 98 for your hosting needs?
Ozone42
Written May. 26, 2008
Found the entry point as well as a lot of evidence of who the culprit was.
Still migrating to the new server. Debian, finally (it wasn't previously available).