[CentOS] Server Hacked: Cpanel

Wed Aug 9 16:48:11 UTC 2006
Drew Weaver <drew.weaver at thenap.com>

Drew Weaver wrote:
> If they got in via SSH and all they did was deface his website,
> they must be stand-up guys, huh?

Indeed.  I try to be reasonably quick about updates and the occasional 
short-notice ssh exploit is rather scary.

---

I've found that at least 75-80% of the time there is a compromise, the
"hacker" doesn't have "local" access to the system, meaning a shell.
They simply upload a script to /tmp, run it, and that's their damage. If
they are getting in via SSH, someone has a bad security policy.

-Drew