Diary of a hacked web server Part 2
I have been checking the server further and it seems the cracker did not gain root privileges. I am just worried about the fact that he was able to use a remote shell for a certain time as the www-data user.
As I already mentioned in the previous post, I ran chkrootkit but it did not spot any rootkit on the computer.
In any case I will reinstall the server ASAP.
To avoid vulnerabilities like the one in WebCalendar, I will also install the mod_security Apache module and configure it with the mod_security_rules from gotroot. mod_security acts like a firewall at the web application level.
I have also learned the lesson that it is better to install web applications using the packages of your distribution, so you get the security updates for free and only have to worry about applying the distribution's security patches, rather than looking for the patches for each web application you have installed.