[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?

[Michael Carson]

jennyw wrote:

>It was actually kind of weird that the hackers got into the site and added
>html files to two sites without actually defacing either.  Makes me think
>they didn't quite finish the job.
>
    The real pros aren't after a defacement, most of the time, and 
increasingly, neither are the script kiddies.  They may be using you as 
a launch point for attacks against another system, as a file repository, 
as a place to run a chat or game server, as a launch point for DDoS 
attacks, or even as one way to get more CPU time for SETI at Home.

>
>Of course, you're probably right, I should try to check everything.
>Unfortunately, this is a virtual server provided by a hosting company that
>is none too responsive when it comes to support calls. They haven't
>contacted me since I sent them an e-mail about this Sunday night. I may ask
>them to reset the system since it really is just configured as a Web server.
>Knowing them, they'll want to charge me a setup fee ... Ugh. I hate
>Infinology. Unfortunately they were the only hosting company I could find
>that I could host a DNS server and unlimited virtual domains at without
>having to pay >$100/month. If anyone knows of alternatives, I'd love to hear
>about them!
>
    My only suggestion would be to get a DSL line from Speakeasy.net or 
some other provider that will allow you to run a server (business class 
account?) and run it from home.  It's educational, you are as responsive 
to yourself as you desire for tech support, and it solves your home 
broadband access issues, too.
    IMHO, their response (or lack of same) is entirely unacceptable. 
 Unless, of course, they are feverishly working to contain a massive 
break-in and aren't responding to related issues until they get a handle 
on it.  Unlikely, but possible.


C.