Hi,
I'm using CSF (btw, where can I see which version is it?) and I just found one of my servers has been hacked.
Looking at the /var/log/lfd.log, I see that a user which was created by the attacker ("ghost") is using a security exploit to gain root, but I didn't get any email nor did I find the following details:
1. Which security exploit is it?
2. How can I automatically block the offending IP?
I looked across the csf.conf and I didn't find any such options anywhere. Could you please tell me which options to set for the 2 items?
How do I really see which security exploit that damn kid used? This is the most important issue for me..
One last thing: I was hacked by this "Ghost Iraq" - any good web site where I can find which exploit they use and how I can block it?
Thanks,
Hetz
root exploits
Re: root exploits
Most hacking is done from the application level nowadays. Assuming your box has already been hardened, they will usually hack through exploits from un-updated WordPress or phpMyAdmin.
I have had an attack through phpMyAdmin before. The default phpMyAdmin has a setup folder which is full of vulnerabilities. I usually remove the whole setup folder whenever I install phpMyAdmin.
As for how you got hacked, you need to check your logs and analyse them. Sometimes you might find traces and sometimes nothing. It's not easy to find.
Re: root exploits
Hacking WordPress will give you the account, not root level access.
My question was about csf itself: it shows a message about a security exploit, so why not show the process name/pid where it happens? That would make life much easier to trace and fix..
Re: root exploits
"(btw, where can I see which version is it?)"
In the SSH console, type the following:
csf -v
csf: v5.73 (cPanel)
Re: root exploits
Hacking WordPress is done from the application level.
I'm not sure it's not root level access.