"sh -i" My server was hacked. How can i found hole on my server?
gabor.kovesdan at t-hosting.hu
Mon Jun 27 10:31:34 GMT 2005
Oleg Rusanov wrote:
> What is better to do for clean my system?
You should backup the data You need. You can also save You configuration
files: httpd.conf, etc. Then make a clean install from disc. The
intruder could install a rootkit, and modify system binaries. The best
thing You can do is reinstall everything.
>How can i found hole on my server?
It is the harder part.
1, Check You FreeBSD version in uname -a. Is it up-to-date? Have You
upgraded to the appropriate security branch? Or does it have some
2, Think about what network daemons You are using. Check the version
numbers and look for security advisories on the project homepage and in
mailing list archives. Does something have a vulnerability?
3, Now. Check all the homepages You have. There could be somewhere a
deficiency in point of security? If You use open-source portal projects
like phpbb You mentioned, look for security advisories on the project
homepage, or in mailing list archives. If You have custom php code, You
should examine them.
4, You can never trust anybody.... Is there local users on the machine?
They might take a local root exploit if there is such vulnerability. If
You haven't found the hole so far, You should look for advisories
again... You should examine every package that You have installed.
The prevention is extremely important:
1, Subscribe to freebsd-announce and to freebsd-security-notifications
and upgrade Your system if necessary.
2, Subscribe to announce and security lists of *each* software You use
and upgrade them if necessary.
3, Place only trusted and secure code to the hosted websites.
4, If somebody don't need a unix account don't give him one. Or if he
need, try to minimize the privileges he gets. The most powerful
protection is to setup a jail environment and using this for giving out
P.S.: I've removed freebsd-amd64 from cc list, since it is related to
More information about the freebsd-security