From: Rob M. <rob...@gm...> - 2007-01-08 18:24:53
|
On 1/8/07, ope...@ya... <ope...@ya...> wrote: > > Happy New Year to all of you out there. > > I just return from vacations and found my computer was attacked by hackers. > This is the second time in less than a year. I don't have a lot of services > open (only SFTP, SSH (on a non-default port) and web). I can't tell what > they did or not, but they did change my main user password. They seem to > have gained access through my apache/php server. Probably an insecure script. Until you fix that script you're wasting your time. > Because ALL of you use linux out there and MOST OF YOU run your own > webserver, to run Motion, I am looking for ideas or information on how you > secure your server and whether you have gotten attacked. 1) Lock it down 2) See (1) :-) For detecting attacks the likes of Samhain/Tripwire/Aide are useful. However you really want to stop them from breaking in to begin with. There are plenty of good papers/site on how to do this - look at SecurityFocus.com for starters. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche |