North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: shared hosting and attacks [FWD: [funsec] HostGator: cPanel Security Hole Exploited in Mass Hack]
On 24 Sep 2006, at 04:00, Gadi Evron wrote: [...] With thousands of sites on every server and virtual machines everywhere,Hence why I'm rather partial to the ROT13 of a certain such application: cucOO. [...] We all (well, never say all, every, never, ever, etc.), many of us faceWell, I *did* at one point have a script that looked for files with any of a list of MD5 sums and chmod them 000 if it found one. Grepping for "Matt Wright" in Perl scripts and chmodding them is also not a bad idea :) Actually, even bothering to use Unix user accounts rather than running everything under the Apache uid (or sometimes nobody or root!) would be a fine start.2. Much stronger security enforcement on servers. 3. "Quietly patching" user web applications without permission. I would like to plead the Fifth at this point. This seems to be a popular enough technique, as long as the money still keeps rolling in, but not one I particularly subscribe to because the bad reputation gets round after a while.4. JGH - Just getting hacked. Hacked accounts aren't evenly distributed over the customer base. A judiciously-applied account suspension or bollocking goes a long way.What have you encountered? What have you done, sorry, heard of someone else do, to combat this very difficult problem on your networks?
|