From: Katharina W. <wol...@fh...> - 2013-03-14 14:05:23
Hi Stephen,

I'm not quite sure how to do the diff command over two different servers. Can you point me to a how-to? The servers can talk to each other via ssh, if that would help, btw.

The sitecheck.sucuri.net/scanner/ gave both servers a "clean bill of health", which is a bit promising, I think/hope. :-)
I've bookmarked the link. :-)

Thanks for all the tips!

Kate

On 14.03.2013 14:36, Stephen Hovey wrote:
> Well.. in the case of the site I had.. URLs never directly called a file
> with a php extension.. so I looked thru the apache logs for calls to files ending .php
>
> I also compared the live directory structure with a copy of the distribution version (it was an open source cms) to see which files shouldn't be there, and which weren't standard any more.
>
> If you have a backup copy in one place and live copy on another, on linux a command to do this would be:
> diff -qr /pathtolive/ /pathtogoodbackup/
>
> I also scanned my own site using this site's tool
>
> http://sitecheck.sucuri.net/scanner/
>
> It's how I located a poisoned javascript file.
>
> -----Original Message-----
> From: Katharina Wolkwitz [mailto:wol...@fh...]
> Sent: Thursday, March 14, 2013 9:28 AM
> To: vuf...@li...
> Subject: Re: [VuFind-General] Vufind 1.4 server with overnight-amnesia
>
> On 13.03.2013 17:51, Stephen Hovey wrote:
>> I would check for signs of hacking.. I had a web site once that got hacked,
>> and the only reason I noted it right away is that the site broke for a short
>> period, then suddenly worked again.. The hacker broke it then fixed it, adding
>> his extra payload.
>
> Horrifying thought...
> How would I look for signs of hacking?
>
> Well - one thing I finally got around to is switch on the firewall, which now
> only allows the following: HTTP, HTTPS, SVNserve and TCP-Port-22 (in combination
> with a list of IPs in the /etc/hosts.allow-file).
>
> I guess I'd need to analyse the (Apache-)logs for (outgoing) traffic that
> shouldn't be there.
> Can you recommend a good and especially easy to install, configure, understand
> (!!!) and use tool?
>
> As you can easily guess from the above I'm not a very well versed server
> administrator, especially when network-security-issues are concerned.
>
> Kate