[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?

Jen Wu jen at dangerousideas.com
Tue Nov 20 01:42:28 EST 2001


I just discovered my server had been broken into. This happened a couple of
weeks ago, actually ... I only discovered it now that I've been going over
Web logs. I found requests for some files that I was sure I didn't put on my
system (mafia.html and bedul.html). I looked around for other files, but
these appear to be the only ones. Both are owned by root and set to read
only. I assume this means they got root access?

The system is a virtual dedicated server at Infinology. They claim their
servers are secure, but I've found they're kind of a hokey operation and I'm
not sure I trust them (I'm strongly considering just dumping them and moving
everything to a box at home). It's also possible that something I installed
has an exploit (PostNuke .64 would be the most likely candidate), but this
is unlikely since they're all Web apps and the Web server is definitely not
running as root.

Can people suggest tools I can use to probe vulnerabilities of my system?

Thanks!

Jen
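
Added example (not part of Jen's message): a Python sketch of the two checks the message describes, comparing the paths an access log shows as served against a list of files the owner deployed, and listing files under the web root that are not owned by the deploying account. The log lines, IP addresses, manifest and function names are constructed for illustration, and Common Log Format is assumed.

```python
import os
import posixpath
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Request target and status of a Common Log Format entry.
CLF = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SERVED = {"200", "206", "304"}  # statuses that imply the file exists on disk

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Nov/2001:10:01:22 -0500] "GET /index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [05/Nov/2001:10:03:40 -0500] "GET /mafia.html HTTP/1.0" 200 2048',
    '198.51.100.7 - - [05/Nov/2001:10:03:55 -0500] "GET /bedul.html?x=1 HTTP/1.0" 200 1900',
    '198.51.100.7 - - [05/Nov/2001:10:04:10 -0500] "GET /mafia.html HTTP/1.0" 304 -',
    '203.0.113.4 - - [05/Nov/2001:10:09:00 -0500] "GET /nothere.html HTTP/1.0" 404 210',
]

def unexpected_hits(log_lines, known_paths):
    """Count served paths that are not in the owner's manifest of deployed files."""
    known = {posixpath.normpath(p) for p in known_paths}
    hits = Counter()
    for line in log_lines:
        m = CLF.search(line)
        if not m or m["status"] not in SERVED:
            continue  # unparseable line, or a request that was not served
        # Drop the query string and decode %xx so /a.html?x=1 matches /a.html.
        path = posixpath.normpath(unquote(urlsplit(m["target"]).path) or "/")
        if path not in known:
            hits[path] += 1
    return hits

def foreign_owned(docroot, expected_uid):
    """List files under docroot whose owner is not the deploying account."""
    found = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.lstat(full).st_uid != expected_uid:  # lstat: do not follow symlinks
                found.append(os.path.relpath(full, docroot))
    return sorted(found)

if __name__ == "__main__":
    for path, count in unexpected_hits(SAMPLE_LOG, ["/index.html"]).items():
        print(f"{count:4d}  {path}")
```

The manifest is only as trustworthy as its source, so build it from a copy of the site kept off the server rather than from the server's own file listing.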








