Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Index.php Injected to Site by Cracker

__/ [ Roy Schestowitz ] on Wednesday 04 October 2006 14:32 \__

> __/ [ Baho Utot ] on Tuesday 03 October 2006 00:02 \__
> 
>> Roy Schestowitz wrote:
>> 
>> [putolin]
>> 
>>>>> A quick check reveals the following:
>>>>> 
>>>>> -rw-r--r--    1 schestow schestow      450 Jun  6  2005 index.htm
>>>>> -rw-r--r--    1 nobody   nobody       1.5K Aug  5 20:58 index.php
>>>>> -rw-r--r--    1 schestow schestow      32K Oct  1 20:13 resindex.htm
>>>> 
>>>> 
>>>> Looks like apache put it there,  See the nobody user.
>>>> Open your httpd.conf and find out which user apache runs under
>>>> I think it will be nobody
>>> 
>>> 
>>> Can only root check this? I doubt I have access to this file. Is it a
>>> aper-user config file? If so, I am not sure what path it's under.
>>> 
>> 
>> Yes, If the server is properly configured only root can get to it.
>> 
>> It should be in /etc/httpd/
> 
> Many thanks again. I am somewhat fearful that getting the host involved
> will devour a lot of time and effort. Surely I could also look at the logs
> and try to assess things in a post morten fashion. If this ever recurs, I
> will definitely take action, but truthfully I have not done anything yet.
> 
> You'd probably think I'm naive for taking that stance, which is fair
> enough.

Off-topic perhaps...

http://www.dedicatedhostingcompanies.com/uncategorized/hacked-by-my-host-be-careful/

This has just hot the front page od Digg. I'm not suggesting I was a victim,
but it's a good read that I thought you'd appreciate.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index