Re: [LUG] Apache security flaw - my website cracked

 

On 19/07/06, Ben Goodger <goodgerster@xxxxxxxxx> wrote:
> It wasn't DDOSed, it was cracked into and changed. That is very illegal
> indeed and I know who did it or ordered the attack, hooray. Hopefully the
> logs will show what happened in greater detail.
>
> http://dev.shaunevans.co.uk/ben/
>
> The /wordpress bit was the bit hacked, but I don't have FTP access to it so
> I can't tell whether the data was overridden.. was it?

> > You can prevent common exploits by keeping your server up-to-date as well
> > as ensuring the code you use is secure.
>
>
> Apache 2.0.54 with custom patches on FC5 or FC2, can't remember which.

I think you'll find your version of Apache is irrelevant when it comes
to PHP hacks - when you put PHP apps on your server you are opening it
to compromise.

I didn't think there were any recent Apache vulnerabilities, and there
probably aren't, whereas PHP is often the culprit.

A.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html