Tenon Intersystems Please see text links at bottom of page for navigation
Please see text links at bottom of page for navigation

Search tenon.com

Thanks to:

iTools
[Top] [All Lists]
<prev [Date] next> <prev [Thread] next>

Re: Tenon iTools 8 Server Hacked

To: itools@xxxxxxxxxxxxxxx
Subject: Re: Tenon iTools 8 Server Hacked
From: Joe Savelberg <joe@xxxxxxxxxxx>
Date: Mon, 25 Jul 2005 21:30:43 +0200
Brice,

This happened to us in February... the hackers used a security hole in phpBB2. I had to replace the index files for 120 sites from our nightly backup. After updating to the latest PHP and additional packages, the server is safe again.

You should have a look through your Apache log files. Search for "system(chr(101)" or "echr". Usually these kind of requests indicate an attack.

You might want to secure your server using something like mod_security: http://www.modsecurity.org

Good luck,

Joe.


At 7:42 PM +0200 7/25/05, Ex Machina wrote: 
My Tenon iTools 8 server has just been compromised.
All my virtual websites display :
A1TS Ownz this Darwin 7.9.0 by S0l4r1s

See :
http://www.cybercafe.tv
http://www.singlefm.com
http://www.brice.org
http://p2pfoundation.net
http://www.brice.net
etc.

Seems they manage to write an index.html new files
and deleted all index.php

I will restore all sites in a minute but any idea where
I should look for security ?

--
Brice Le Blevennec, Digerati, ListDad, <http://www.brice.net>
Emakina S.A. - The e-business Agency <http://www.emakina.com>
Ex Machina Television S.P.R.L.- Television & Radio Production
<http://www.cybercafe.tv> & <http://www.singlefm.com>
Contact Office Group S.A. - The Professional Online Office
<http://www.contactoffice.com>
---------
Tenon Intersystems' iTools Mailing List
To unsubscribe: send mail to
itools-request@xxxxxxxxxxxxxxx
with the body only containing:
unsubscribe
Find the searchable mailing list archives
at:
http://www.tenon.com/lists/html/iTools/


--
-----------------+----------------+----------------------------------
Jochen Savelberg | Euregio.Net AG | domain registrations, co-location
joe@xxxxxxxxxxx | Wirtzfeld 140 | hosting, marketing, entertainment
Online Producer | 4760 Bullingen | consulting, training, development
MIS/IT Director | Belgium | http://www.euregio.net
-----------------+----------------+----------------------------------
Internet Services since 1995 - AFS-Returnee '93, Belgium to Australia
---------
Tenon Intersystems' iTools Mailing List
To unsubscribe: send mail to itools-request@xxxxxxxxxxxxxxx
with the body only containing: unsubscribe
Find the searchable mailing list archives at:
http://www.tenon.com/lists/html/iTools/

<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Tenon iTools 8 Server Hacked (A1TS Ownz this Darwin 7.9.0 by S0l4r1s), Jody McAlister
Next by Date:  Re: Tenon iTools 8 Server Hacked (A1TS Ownz this Darwin 7.9.0 by S0l4r1s), Ex Machina
Previous by Thread:  Re: Tenon iTools 8 Server Hacked (A1TS Ownz this Darwin 7.9.0 by S0l4r1s), Ex Machina
Next by Thread:  Re: Tenon iTools 8 Server Hacked, Ex Machina
Indexes:  [Date] [Thread] [Top] [All Lists]
| Tenon Home | Products | Order | Contact Us | About Tenon | Register | Tech Support | Resources | Press Room | Mailing Lists |

Powered By iTools

Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara, CA 93101. All rights reserved.
Questions about our website - Contact: webmaster@tenon.com.

Tenon Home Tenon Home Tenon Home Tenon Home Product Info Tenon Ordering Contact About Register Support Resources Press Mailing Lists