#1
21st September 2009, 01:16
v2k

LAMP server hacked

I'm having issues securing my server. It was hacked and the PHP source was taken. I know this for a fact.

What I'd like help with is securing the server. I don't know the source of the hole, but I suspect SQL injection. I'm trying to find leads in the logs. Nothing has turned up via chkrootkit.

I'm pretty sure I've done a terrible job securing MySQL on the server, and that the user running it has way too much power. That's the first thing I'm going to look into.

It's just running LAMP with SSH access.

Linux 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:02:29 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

#2
21st September 2009, 13:42
falko

Please make sure that all your PHP applications are up to date. In addition to that, you might want to consider installing Suhosin and mod_security on your server.

#3
21st September 2009, 18:50
v2k

Is it bad to be using Fedora 7 as a server? I was told it's not updated like their latest releases and might miss some security updates.

I'm already running mod_security; thanks for Suhosin, I'll check that out.

#4
22nd September 2009, 16:04
falko

I wouldn't call it bad, but it's quite old indeed, and there are no updates anymore, which means there *could* be security holes...

#5
22nd September 2009, 20:29
Leszek

Also run mysql_secure_installation and restrict the user using the database to only his own database.
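
The advice in the last post, restricting the application's MySQL account to its own database, could look like the following. This is an added example, not part of the original thread; the account 'webapp'@'localhost' and the database appdb are hypothetical names standing in for whatever the PHP application actually uses.

```sql
-- Added example. 'webapp'@'localhost' and appdb are hypothetical names.

-- 1. List accounts holding global (*.*) privileges that a web application
--    account does not need. A 'Y' here applies to every database.
SELECT User, Host, File_priv, Super_priv, Process_priv, Grant_priv,
       Create_user_priv, Shutdown_priv
FROM mysql.user
WHERE 'Y' IN (File_priv, Super_priv, Process_priv, Grant_priv,
              Create_user_priv, Shutdown_priv);

-- 2. List anonymous accounts and accounts reachable from any host
--    (mysql_secure_installation offers to remove anonymous users and
--    remote root logins).
SELECT User, Host
FROM mysql.user
WHERE User = '' OR Host = '%';

-- 3. Show which databases the application account can reach, and its
--    current grants.
SELECT Db, User, Host FROM mysql.db WHERE User = 'webapp';
SHOW GRANTS FOR 'webapp'@'localhost';

-- Weak setting this is meant to replace (shown for comparison, not run):
--   GRANT ALL PRIVILEGES ON *.* TO 'webapp'@'localhost' WITH GRANT OPTION;

-- 4. Remove everything the account holds, then grant only the statements
--    the application issues, and only on its own database.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'webapp'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'localhost';

-- 5. Verify: the result should be USAGE ON *.* plus the single appdb.* grant.
SHOW GRANTS FOR 'webapp'@'localhost';
```

Run these from the mysql client as an administrative account. The PHP application's connection settings should then use only the restricted account, never root.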