Hacking attempt


oddo
12th June 2009, 23:17
from

www.teampoint-koeln.de 217.91.108.221
www.wdiet.co.kr 218.55.227.145

he copied on the server http://www.wdiet.co.kr/include/tusuk.jpg
Pararunten Juragan
Ngiring Raos SakediK


:
User Info: uid=() euid=() gid=()
Current Path:
Permission Directory:
Server Services:
Server Address:
Script Current User:
PHP Version:

and ran a perl script on the server

What damage it did to the server:
- deleted some "/logs/error.log"
- broke several databases

What do I need to do to protect the server?

thanks

till
13th June 2009, 10:01
1) Check your server with rkhunter.
2) Make sure that all available updates have been installed on the server.
3) Which system user owned this perl script?
4) If you have roundcube installed on your server, e.g. as ispconfig addon, make sure that you update it to the latest available release.

Some general things:

- Enable php safemode whenever possible for a website that uses php
- Keep the cms systems that you installed in the websites up to date. Many hacking attempts come through vulnerable cms systems or extensions, e.g. for joomla.

oddo
13th June 2009, 19:14
thank you till for your response

1) the server was ok after checking with rkhunter
2) not all updates were installed, now is up to date
3) a user of a site on which joomla with the sobi2 module was installed
4) yes it was installed, but not as addon, and was not updated to the latest version

yes, it is easy, I can activate the safemode option for every website

but how can I limit the effects of cms & extensions that are not updated? I cannot update them, each developer needs to update his own software

how to limit scripts outside web/

thanks

till
13th June 2009, 19:35
how to limit scripts outside web/

enable php safemode.

oddo
13th June 2009, 19:58
If I enable php safemode, will perl scripts also be limited to "web"?

till
13th June 2009, 20:02
No, that's only for php scripts. Perl scripts cannot be limited like this, but if you enable suexec the perl scripts are run by the website user and not the apache user.
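
A check that complements rkhunter for the case in the first post, given here as an added example and not as code from any poster in this thread: it walks a web root and flags files that carry an image extension but contain script code or lack image magic bytes. It assumes, as the banner fields in the first post suggest, that tusuk.jpg was script code behind a .jpg name; the function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
# Magic bytes that real JPEG, PNG and GIF files start with.
MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
# A PHP open tag, or a perl/shell shebang at the start of a line.
SCRIPT_RE = re.compile(rb"<\?php|^#!\s*/\S*(perl|sh|bash)", re.I | re.M)

def scan_webroot(root):
    """Return sorted (relative_path, reason) for suspicious image-named files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # first 64 KiB is enough for a header check
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            rel = os.path.relpath(path, root)
            if SCRIPT_RE.search(head):
                findings.append((rel, "script code in image-named file"))
            elif not head.startswith(MAGIC):
                findings.append((rel, "no image magic bytes"))
    return sorted(findings)

def demo():
    """Build a constructed web root in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "include"))
        samples = {  # all contents below are constructed sample data
            "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,      # genuine header
            "include/tusuk.jpg": b"<?php echo 'constructed'; ?>",  # PHP, not a JPEG
            "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"<?php ?>",  # JPEG header plus PHP
            "notes.gif": b"plain text",                            # wrong content
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return scan_webroot(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

To scan a real site, call `scan_webroot()` with the path of that website's web/ directory and review each hit by hand before deleting anything.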