[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?
Michael Carson
mikecarson at usa.net
Wed Nov 21 15:29:40 EST 2001
Raven, corporate courtesan wrote:
> Heya --
>
> Quoth jennyw (Wed, Nov 21, 2001 at 09:54:24AM -0800):
>
>> Except that my backups would be DNS Zones, MySQL database files, php
>> files,
>> html files, and images. I figure if I read through the zone files and
>> php
>> files I should be okay. Plus, the php files should execute as nobody
>> anyway,
>> so the damage would probably be limited, no?
>>
>
> You'd think. Check those PHP files. But getting nobody access
> is usually pretty good, since a lot of programs now run as 'nobody'
> rather than root by default. So the nobody account has more priviliges
> than you'd think.
>
You might want to run your various servers as individual users for
exactly that reason. That way they don't cross compromise. OTOH,
unless you keep up with the latest exploits and patches, there is likely
to be at least **one ** local root exploit available on the box.
Jenn, it really sounds like you need to take your business away from
your current provider, even if that means getting a business DSL line
and adminning the whole thing yourself...
C.
More information about the Techtalk
mailing list