Re: newbie with www user security problem
On Thu, Aug 11, 2005 at 09:32:22AM -0400, Ken Hawkins wrote:
> we have been hacked by a spammer
[snip]
> X-AntiAbuse: Board servername - srforum.prosoundweb.com
Ouch. You appear to be running a phpBB installation from 2002 (version
2.0.6). That's asking for trouble. A lot of exploits have been found
in phpBB since that time, see
http://www.phpbb.com/support/documents.php?mode=changelog
and
http://www.vuxml.org/freebsd/pkg-phpbb.html
There are lots of automated scripts running on already compromised
machines that scan other machines for these vulnerabilities. Assuming
that is how the spammer got in, there is no telling what he has done
after that.
You must assume that your machine has been fully compromised. The
only way to know for sure that your machine is clean again is to build
a new machine from scratch and transfer all your _non-executable_ data
to it.
You _might_ be able to get away with identifying any and all
processes, removing suspicious data from /tmp, /var/tmp and any other
OS place, changing passwords on _all_ accounts (but especially
sensitive ones like root, your own and www). But you might not find
the one backdoor that the spammer left and then you're back to square
one again.
It's your choice.
To prevent this from happening, perform regular port updates and make
sure to subscribe to the announcement list of high-profile publicly
accessible software that you run.
Good luck.
--Stijn
-- 
A "No" uttered from deepest conviction is better and greater than a
"Yes" merely uttered to please, or what is worse, to avoid trouble.
-- Mahatma Gandhi
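The manual check described in the message above (processes, plus leftover files under /tmp and /var/tmp), sketched as a read-only shell report. This is an added example, not part of the original message; it assumes the web server runs as the `www` user named in the thread, and the function names and the `TRIAGE_USER` variable are made up for illustration.

```shell
#!/bin/sh
# Read-only triage report for a host where the web server account may have
# been abused. Nothing is deleted or changed: review the output and preserve
# evidence before cleaning up.
# Assumptions (not from the original message): function names, TRIAGE_USER.

# suspect_files USER DIR...
# Print regular files owned by USER (name or numeric uid) under the given
# directories that are executable by anyone, hidden (dotfiles), or named
# like scripts. A web server account rarely has a reason to leave these
# in scratch directories.
suspect_files() {
    owner=$1
    shift
    find "$@" -xdev -type f -user "$owner" \
        \( -perm -100 -o -perm -010 -o -perm -001 \
           -o -name '.*' -o -name '*.php' -o -name '*.pl' -o -name '*.sh' \) \
        -print 2>/dev/null | sort
}

# user_processes USER
# List every process running as USER with its parent PID and elapsed time,
# so long-running or oddly parented processes stand out.
user_processes() {
    ps -U "$1" -o pid,ppid,etime,args
}

# Run the report only when asked, e.g.:  TRIAGE_USER=www sh triage.sh
if [ -n "${TRIAGE_USER:-}" ]; then
    echo "== processes running as $TRIAGE_USER =="
    user_processes "$TRIAGE_USER"
    echo "== suspect files owned by $TRIAGE_USER in /tmp and /var/tmp =="
    suspect_files "$TRIAGE_USER" /tmp /var/tmp
fi
```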