Search Results

Search found 6 results on 1 pages for 'deface'.


  • Website defaced, what can I do?

    - by SteD
    My company's website has been defaced. Provided I have the Apache raw access log, is there anything I could do to analyze when and what went wrong? I mean, what should I look out for among all those thousands and thousands of lines of log? Thanks for the help.



  • What does this URL structure mean?

    - by SteD
    Does this mean that it will be looking for index.php and provide the GET variable y with /home/xxx/public_html/control/&x=shell? http://www.xxx.com/control/?y=/home/xxx/public_html/control/&x=shell Long story: the website got defaced, and I found this b374k script when browsing to one of the pages. I am trying to figure out where exactly they injected this script, and thus trying to get a hint from this URL as to where the script resides.


  • Rack processes taking over CPU under Passenger

    - by pjmorse
    I have a Spree site running the following stack: Nginx 1.0.8, Passenger 3.0.9, Ruby 1.9.2-p290, Rack 1.3.6, Rails 3.1.4, Spree 0.70.5. I recently upgraded from Spree 0.70.3, which also brought a Deface upgrade from 0.7.x to 0.8.0. Since then things have been very unstable. Recently we've seen some CPU-hogging processes which drive load up on the server and grind the whole thing to a stop. They're Rack processes and it looks like Passenger is starting them; they're owned by the site-runner user, an unprivileged user who owns the application code. (Passenger automatically runs the site code as the user who owns it.) If I restart Nginx and kill the runaway processes, it helps for a while, but eventually similar processes return and bog things down again. How can I figure out what's starting these processes, what they're trying to do, and how to stop them?


  • How Do I Secure WordPress Blogs Against Elemento_pcx Exploit?

    - by Volomike
    I have a client who has several WordPress 2.9.2 blogs that he hosts. They are getting a deface kind of hack with the Elemento_pcx exploit somehow. It drops these files in the root folder of the blog:

        -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 default.htm
        -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 default.php
        -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.asp
        -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.aspx
        -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.htm
        -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.html
        -rwxr-xr-x 1 userx userx 1459 Apr 16 04:25 index.php*

    It overwrites index.php. A keyword inside each file is "Elemento_pcx". It shows a white fist with a black background and the phrase "HACKED" in bold letters above it. We cannot determine how it gets in to do what it does. The wp-admin password isn't hard, but it's also not very easy either. I'll change it up a little to show you what the password sort of looks like: wviking10. Do you think it's using an engine to crack the password? If so, how come our server logs aren't flooded with wp-admin requests as it runs down a random password list? The wp-content folder has no changes inside it, but is run as chmod 777 because wp-cache required it. Also, the wp-content/cache folder is run as chmod 777 too.


  • Running multiple sites on a LAMP with secure isolation

    - by David C.
    Hi everybody, I have been administering a few LAMP servers with 2-5 sites on each of them. These are basically owned by the same user/client so there are no security issues except from attacks through vulnerable daemons or scripts. I am building my own server and would like to start hosting multiple sites. My first concern is... ISOLATION. How can I prevent a c99 script from defacing all the virtual hosts? Also, should I prevent that c99 from being able to write/read the other sites' directories? (It is easy to "cat" a config.php from another site and then get into the MySQL database.) My server is a VPS with 512M burstable to 1G. Among the free hosting managers, is there any small one which works for my VPS? (One which maybe is compatible with the security approach I would like to have.) Currently I am not planning to host over 10 sites but I would not accept that a client/hacker could navigate into unwanted directories or, worse, run malicious scripts. FTP management would be fine. I don't want to complicate things with SSH isolation. What is the best practice in this case? Basically, what do hosting companies do to sleep well? :) Thanks very much! David

