[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Wed Jun 3 05:57:20 UTC 2009
JohnS <jses27 at gmail.com>

On Wed, 2009-06-03 at 00:46 -0500, John R. Dennison wrote:
> On Wed, Jun 03, 2009 at 12:30:10AM -0500, Neil Aggarwal wrote:
> > 
> > It would be prudent to review his web code to see
> > if he did something in an insecure way.  If his code
> > is open to attack, it will be so even if he puts it
> > on a new machine.
> 
> 	Hence my statements to evaluate the web-apps he has running :)
> 
> 	I will bet dollars to donuts he had a web app with a known issue
> 	that was not patched.  Also goes back to my previous statement
> 	of fully patching.
> 
---
Dollars to Donuts ehhh???
How many donuts do you think it will take to pay for legal costs and cleanup
if there are customer data on the machine? I think right about now I
would:
1. Notify Risk Management and Your Compliancy Officer.
2. Take it off the network connections.
3. Do a live rsync and dd image + ram copy = running processes/hidden.
4. Same as 3. but with the machine off.
5. The company attorney needs to be notified.
6. By State and Federal Law in the US you have so many days to report
incidents like this to users (customers) and law enforcement.

JohnStanley