|
Re: Hacked
I'm surprised that so far people have missed the obvious step of first looking at what you've got that you control before assuming that the problem is with the host (which it may well be, but, that shouldn't be the first thing to check for).
Questions you should ask yourself include:
What software do you have installed in your webspace? (check and make sure there aren't little temporary things installed just for testing that were never removed and never properly secured, this happens often)
Is it up to date? (this can especially be a problem if your team is using a CMS or old versions of phpBB2 or other forum software)
If what you've got is custom written, has it been checked over by someone knowledgable other than just the person who wrote it? If not, maybe it's time to audit it.
Assuming you have access to the web server access logs and error logs, read them carefully for the period of time before the last time you had problems. If the exploit is attacking something your team has control over, it's likely to appear strange and show up there. Be especially vigilant for things like phpShell and such which you don't recognize as being part of a normal type of request.
__________________
Alumni of FRC Team 1006
Former mentor of Full Lego Alchemist (FLL 5621) - Sempar School / Computing Students' Association of Queen's University
|
Look past the robot. Look past your team. Science and technolgy are studies worth devoting your life too. - KenWittlief [more] 
24-10-2007, 06:32
Similar Threads
Threaded Mode