On Sun, Jan 1, 2012 at 6:03 PM, Fajar Priyanto fajarpri@arinet.org wrote:
On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER rilindo@me.com wrote:
The script in question is an exploit from a web board which is apparently designed to pull outside traffic. If you had SELinux, it would put httpd in its own context and by default, it will NOT allow connections from that context to another. You have to enable it with:
The only time my server got hacked was because of phpBB. Using cross-site scripting, the hacker managed to put a pl file and when I ran it, it opened a console. Apparently you are running one of the web boards.
I'm not running phpBB or vBulletin. The script apparently runs on machine X to attack a *different* machine Y where machine Y has vBulletin installed on it.
Please follow up on any security advisories of that product and any addon/module closely.
If you are really curious how yours got hacked, you can set up a similar system and put a bounty (maybe $1000) in one of the underground communities for anyone to hack it and tell you how they do it.
Is there a non-"underground" place to post such requests? It's not illegal to offer a bounty to someone for finding a security hole in your system -- Facebook, Google, and Mozilla all do it.
Bennett