Tuesday, July 10, 2007

We secured one server for an anonymous client

The ISC handler mailbox has received multiple reports of web site defacement attempts apparently using the "Defacing Tool 2.0 by r3v3ng4ns" suite of PHP-based scripts intended to deface websites leveraging PHP remote file inclusion.
[The box where I found this tool was an old rh8.0 box with default php and httpd and allow_url_fopen on!! The solution was to compile the newest and greatest stable versions that work for that site:
httpd-2.2.4 (latest recommended)
mod_perl-2.0.3
php-4.4.7
tomcat-connectors-1.2.23 (mod_jk)

I am now working to upgrade openssh to the newest version: http://openssh.org/
ssh should only permit access with an ssh key, not with plain text as is configured now, and access should be restricted to a few users.
I will continue after that with aide installation and log monitoring.
Then I will install mod_security after all: http://www.securityfocus.com/infocus/1706
]
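
An audit sketch for the two configuration points named in the note above (allow_url_fopen in php.ini, and key-only, user-restricted ssh access), checked before and after the change. This is an added example, not the script used on that server; the config text and the account names admin1 and admin2 are constructed, and Match blocks in sshd_config are not evaluated.

```python
# Added example: audit sketch for the settings named in the post.
# All config text below is constructed sample input, not from the real server.
TRUE_WORDS = ("1", "on", "true", "yes")

def php_flag(text, name, default):
    """Read a php.ini boolean; this sketch lets the last assignment win."""
    value = default
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if key == name:
                value = val.strip('"').lower() in TRUE_WORDS
    return value

def sshd_globals(text):
    """Collect global sshd_config keywords (first value kept, stops at Match)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":          # conditional blocks not evaluated
            break
        seen.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(php_ini, sshd_config):
    """Return a list of findings; an empty list means both files pass."""
    findings = []
    if php_flag(php_ini, "allow_url_fopen", True):   # PHP default is On
        findings.append("php.ini: allow_url_fopen is On")
    ssh = sshd_globals(sshd_config)
    if ssh.get("passwordauthentication", "yes").lower() != "no":  # sshd default: yes
        findings.append("sshd_config: password logins are still accepted")
    if ssh.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("sshd_config: public-key logins are disabled")
    if "allowusers" not in ssh and "allowgroups" not in ssh:
        findings.append("sshd_config: no AllowUsers/AllowGroups restriction")
    return findings

# Constructed samples: (php.ini text, sshd_config text)
BEFORE = ("allow_url_fopen = On\n", "Protocol 2\nPasswordAuthentication yes\n")
AFTER = ("; remote URLs disabled\nallow_url_fopen = Off\n",
         "Protocol 2\nPasswordAuthentication no\nPubkeyAuthentication yes\n"
         "AllowUsers admin1 admin2\n")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(*cfg) or "no findings")
```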

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
