from www.teampoint-koeln.de 217.91.108.221 www.wdiet.co.kr 218.55.227.145 he copied on the server http://www.wdiet.co.kr/include/tusuk.jpg
Code:
Pararunten Juragan Ngiring Raos SakediK :
User Info: uid=() euid=() gid=()
Current Path:
Permission Directory:
Server Services:
Server Address:
Script Current User:
PHP Version:
and ran a perl script on the server.
What damage it did to the server:
- deleted some "/logs/error.log"
- broke several databases
What do I need to do to protect the server? Thanks
1) Check your server with rkhunter.
2) Make sure that all available updates have been installed on the server.
3) Which system user owned this perl script?
4) If you have roundcube installed on your server, e.g. as ispconfig addon, make sure that you update it to the latest available release.
Some general things:
- Enable php safemode whenever possible for a website that uses php.
- Keep the cms systems that you installed in the websites up to date. Many hacking attempts come through vulnerable cms systems or extensions, e.g. for joomla.
Thank you, Till, for your response.
1) The server was ok after checking with rkhunter.
2) Not all updates were installed; now it is up to date.
3) A user on a site on which joomla was installed with the module sobi2.
4) Yes, it was installed, but not as an addon, and it was not updated to the latest version.
Yes, it is easy, I can activate the safemode option for every website, but how to limit the effects of cms & extensions that are not updated? I cannot update them; each developer needs to update his software. How to limit scripts outside web/? Thanks
No, that's only for php scripts. Perl scripts cannot be limited like this, but if you enable suexec, the perl scripts are run by the website user and not the apache user.