On Wed, Jun 3, 2009 at 9:22 AM, Linux Advocate <linuxhousedn at yahoo.com> wrote:
>
> I am not worried about reinstalling (I loathe doing it), but my worry here (as some of you have accurately pointed out) is that the 'issue' will repeat again because I just don't know what happened. I'm just surprised that a CentOS box was compromised.
>
> The box is unplugged now.
>
> Any more ideas?

Keep the old OS data for forensic analysis, but build a fresh install with only the essential services needed to host the web site, not manage it.

It may be a lot of work, but going forward think about using Xen PV domains for the edge web hosts on VLANs in a DMZ. You can mount the web data via a read-only NFS share through the DMZ firewall, and have 2 hosts balanced and a 3rd as a "hot-spare" host in case any of the first two get compromised. Even better, build a web host image, take LVM snapshots of it and have Xen boot those!

Software inherently has bugs, and some of those bugs will lead to security compromises. Keep your software up to date, only install necessary services, build your security in layers and have a backup plan.

-Ross
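
The read-only NFS share suggested above only protects the web data if the export options on the file server actually enforce it. The following is an added example, not part of the original message: a check over an `/etc/exports`-style file that reports every export a client could write to. The paths and host names in the sample are constructed, and the parser assumes one export per line with no backslash continuations.

```shell
#!/bin/sh
# Audit an /etc/exports-style file for exports that are not read-only.
# Prints "<path> <client> <reason>" per finding; no output means nothing flagged.
audit_exports() {
    awk '
    {
        sub(/#.*/, "")              # strip comments
        if (NF < 2) next            # blank line, or path only (defaults to ro)
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            # "(opts)" with no host in front applies to every host. This is
            # what a stray space in "host (rw)" produces.
            if (client == "") client = "*"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") print path, client, "rw"
                if (o[j] == "no_root_squash") print path, client, "no_root_squash"
            }
        }
    }' "$1"
}

# Constructed sample input (hypothetical paths and DMZ host names).
sample_exports() {
cat <<'EOF'
# web content for the edge hosts
/srv/www   web1.dmz.example(ro,root_squash) web2.dmz.example(ro)
/srv/www   spare.dmz.example (rw)
/srv/logs  web1.dmz.example(rw,no_root_squash)
EOF
}

# Usage: sh audit_exports.sh /etc/exports
if [ $# -gt 0 ]; then
    audit_exports "$1"
fi
```

On the sample, the second `/srv/www` line is flagged as writable by `*`: the space before `(rw)` gives `spare.dmz.example` the default options and grants read-write access to every other host.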