[CentOS] an actual hacked machine, in a preserved state

Fajar Priyanto fajarpri at arinet.org
Mon Jan 2 02:03:51 UTC 2012


On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER <rilindo at me.com> wrote:
> The script in question is an exploit from a web board which is apparently designed to pull outside traffic. If you had SELinux, it would put httpd in its own context and by default, it will NOT allow connections from that context to another. You have to enable it with:

The only time my server got hacked was because of phpBB. Using
cross-site scripting, the hacker managed to put a pl file and when I
ran it, it opened a console.
Apparently you are running one of the web boards. Please follow up on any
security advisories for that product and any add-on/module closely.

If you are really curious how yours got hacked, you can set up a similar
system and put up a bounty (maybe $1000) in one of the underground
communities for anyone to hack it and tell you how they did it.


