On Sun, Jan 1, 2012 at 6:03 PM, Fajar Priyanto <fajarpri at arinet.org> wrote: > On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER <rilindo at me.com> wrote: > > The script in question is an exploit from a web board which is > apparently designed to pull outside traffic. If you had SELinux, it would > put httpd in its own context and by default, it will NOT allow connections > from that context to another. You have to enable it with: > > The only time my server got hacked was because of phpBB. Using > cross-site scripting, the hacker managed to put a pl file and when I > ran it, it opened a console. > Apparently you are running one of the web boards. > I'm not running phpBB or vBulletin. The script apparently runs on machine X to attack a *different* machine Y where machine Y has vBulletin installed on it. > Pls follow up any > security advisories of that product and any addon/module closely. > > If you are really curious how yours got hack. You can setup similar > system and put a bounty (maybe $1000) in one of the underground > community for anyone to hack it and tell you how they do it. > > > Is there a non-"underground" place to post such requests? It's not illegal to offer a bounty to someone for finding a security hole in your system -- Facebook, Google, and Mozilla all do it. Bennett