I'm having issues securing my server. It was hacked and the PHP source was taken. I know this for a fact. What I'd like help with is securing the server. I don't know the source of the hole, but I suspect SQL injection. I'm trying to find leads in the logs. Nothing has turned up via chkrootkit. I'm pretty sure I've done a terrible job securing MySQL on the server, and that the user running it has way too much power. That's the first thing I'm going to look into. It's just running LAMP with SSH access. Linux 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:02:29 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
Please make sure that all your PHP applications are up to date. In addition to that, you might want to consider installing Suhosin and mod_security on your server.
Is it bad to be using Fedora 7 as a server? I was told it's not updated like their latest releases and might miss some security updates. I'm already running mod_security; thanks for Suhosin, I'll check that out.
I wouldn't call it bad, but it's quite old indeed, and there are no updates anymore which means there *could* be security holes...
Also run mysql_secure_installation and restrict the user using the database only to his own database.
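As an added example (not code from any poster in this thread), one way to check whether the web application's MySQL account has "way too much power" is to audit the output of `SHOW GRANTS FOR ...` against the single database the application should own. The function name `audit_grants`, the account names, the database name `shop` and the sample grant lines are all constructed for illustration.

```python
import re

# Privileges that reach beyond an application's own schema
# (FILE, for instance, reads and writes files on the database host).
DANGEROUS = {"ALL PRIVILEGES", "FILE", "SUPER", "PROCESS", "SHUTDOWN",
             "RELOAD", "CREATE USER", "GRANT OPTION"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'(?P<rest>.*)$", re.IGNORECASE)

def audit_grants(lines, own_db):
    """Return (account, finding) pairs for grants wider than own_db.*"""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        account = "%s@%s" % (m.group("user"), m.group("host"))
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        if "WITH GRANT OPTION" in m.group("rest").upper():
            privs.add("GRANT OPTION")
        scope = m.group("scope").replace("`", "")
        db = scope.split(".")[0]
        risky = sorted(privs & DANGEROUS)
        if scope == "*.*" and privs != {"USAGE"}:
            # Anything other than bare USAGE on *.* applies to every database.
            findings.append((account, "global grant: " + ", ".join(sorted(privs))))
        elif db not in ("*", own_db):
            findings.append((account, "access to other database: " + db))
        elif risky:
            findings.append((account, "risky privilege: " + ", ".join(risky)))
        if m.group("host") == "%":
            findings.append((account, "connects from any host"))
    return findings

# Constructed sample of SHOW GRANTS output; '<hash>' is a placeholder.
SAMPLE = [
    "GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'%' IDENTIFIED BY PASSWORD '<hash>' WITH GRANT OPTION",
    "GRANT USAGE ON *.* TO 'shop'@'localhost' IDENTIFIED BY PASSWORD '<hash>'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `shop`.* TO 'shop'@'localhost'",
    "GRANT SELECT ON `mysql`.* TO 'shop'@'localhost'",
]

if __name__ == "__main__":
    for account, finding in audit_grants(SAMPLE, "shop"):
        print(account, "->", finding)
```

An account that produces no findings holds only data privileges on its own database from a fixed host, which limits what a SQL injection through the PHP application can reach.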