[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?
jennyw at dangerousideas.com
Wed Nov 21 13:26:38 EST 2001
Yeah, I'd love to dump them, but there is this little issue of money ... I
can't find anything close to as expensive that doesn't have a huge setup
fee. Ugh. The main reason I don't run the server at home is because of
bandwidth, and because I'd rather have hackers breaking into systems
*outside* of my home network. Of course, with only 300 MB transferred per
month, a 384 connection might not be too bad.
----- Original Message -----
From: "Michael Carson" <mikecarson at usa.net>
To: "TechTalk" <techtalk at linuxchix.org>
Sent: Wednesday, November 21, 2001 11:29 AM
Subject: Re: [Techtalk] Server was broken into ... what good tools are there
to probe vulnerabilities?
> Raven, corporate courtesan wrote:
> > Heya --
> > Quoth jennyw (Wed, Nov 21, 2001 at 09:54:24AM -0800):
> >> Except that my backups would be DNS Zones, MySQL database files, php
> >> files,
> >> html files, and images. I figure if I read through the zone files and
> >> php
> >> files I should be okay. Plus, the php files should execute as nobody
> >> anyway,
> >> so the damage would probably be limited, no?
> > You'd think. Check those PHP files. But getting nobody access
> > is usually pretty good, since a lot of programs now run as 'nobody'
> > rather than root by default. So the nobody account has more priviliges
> > than you'd think.
> You might want to run your various servers as individual users for
> exactly that reason. That way they don't cross compromise. OTOH,
> unless you keep up with the latest exploits and patches, there is likely
> to be at least **one ** local root exploit available on the box.
> Jenn, it really sounds like you need to take your business away from
> your current provider, even if that means getting a business DSL line
> and adminning the whole thing yourself...
> Techtalk mailing list
> Techtalk at linuxchix.org
More information about the Techtalk