LAMP server hacked

Discussion in 'Server Operation' started by v2k, Sep 21, 2009.

  1. v2k

    v2k New Member

    I'm having issues securing my server. It was hacked and the PHP source was taken. I know this for a fact.

    What I'd like help with is securing the server. I don't know the source of the hole, but I suspect SQL injection. I'm trying to find leads in the logs. Nothing has turned up via chkrootkit.

    I'm pretty sure I've done a terrible job securing MySQL on the server, and that the user running it has way too much power. That's the first thing I'm going to look into.

    It's just running LAMP with SSH access.

    Linux 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:02:29 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Please make sure that all your PHP applications are up to date. In addition to that, you might want to consider installing Suhosin and mod_security on your server.
     
  3. v2k

    v2k New Member

    Is it bad to be using Fedora 7 as a server? I was told it's not updated like their latest releases and might miss some security updates.

    I'm already running mod_security; thanks for Suhosin, I'll check that out.
     
  4. falko

    falko Super Moderator ISPConfig Developer

    I wouldn't call it bad, but it's quite old indeed, and there are no updates anymore, which means there *could* be security holes...
     
  5. Leszek

    Leszek New Member

    Also run mysql_secure_installation and restrict the user using the database to only his own database.
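
Added example, not part of the original thread and not any poster's own commands: one way to audit for the accounts that mysql_secure_installation cleans up and to confine a web application's MySQL account to its own database. The account `webapp`@`localhost` and the database `appdb` are hypothetical names; run the statements as an administrative user.

```sql
-- 1. Accounts that mysql_secure_installation removes or tightens:
--    anonymous users, and root reachable from anywhere but the local host.
SELECT User, Host FROM mysql.user WHERE User = '';
SELECT User, Host
  FROM mysql.user
 WHERE User = 'root'
   AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 2. Non-root accounts holding global (server-wide) privileges.
--    FILE lets an account read and write files on the database host
--    through SQL, SUPER and GRANT OPTION let it change server state or
--    hand out rights. A web application account should hold none of them.
SELECT User, Host, File_priv, Super_priv, Grant_priv, Process_priv
  FROM mysql.user
 WHERE User <> 'root'
   AND 'Y' IN (File_priv, Super_priv, Grant_priv, Process_priv);

-- 3. Which account can reach which database. An application account
--    should appear here only against its own database.
SELECT User, Host, Db FROM mysql.db ORDER BY User, Db;

-- 4. Reset the (hypothetical) application account to the minimum:
--    drop everything it has, then grant data access on its own
--    database only. No global rights, no schema changes, no GRANT OPTION.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'webapp'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'localhost';

-- 5. Confirm the result: expect USAGE on *.* plus the single appdb grant.
SHOW GRANTS FOR 'webapp'@'localhost';
```

If the application needs to create or alter tables during upgrades, grant those rights to a separate account used only for that task rather than widening the account the web server connects with.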
     