[Cialug] URGENT! How to list all files new/modified last 24 hours

Afan Pasalic afan at afan.net
Fri Oct 26 12:12:55 CDT 2012 

That would be great. But, this is "shared hosting" kind of server and I 
don't have access to these things.Though, even I have dedicated server, 
I don't think my "knowledge" will allow me to do it :-)



On 10/26/2012 12:05 PM, Josh More wrote:
> To be clear... I am also advocating scrapping it and rebuilding.  I
> just think that after it's rebuilt, you should use Suhosin and
> Mod_Security and then use AppArmor to chroot it.  (There are other
> ways to chroot... I just like AppArmor the best.)
>
> AppArmor can also do cool stuff with your back end databases.
>
> You can also look at CloudFlare and Incapsula if you want additional
> cloudy protection.
>
> -Josh
>
> On Fri, Oct 26, 2012 at 12:02 PM, Nicolai
> <nicolai-cialug at chocolatine.org> wrote:
>> On Fri, Oct 26, 2012 at 11:10:43AM -0500, Afan Pasalic wrote:
>>
>>> they changed every index.php file
>> Ah, good ol' PHP.  If you don't scrap it, then follow Josh's advice to
>> the letter.  But it would be better to scrap it IMO.  Then take the time
>> to set up a chroot webserver (nginx and Apache are both chroot by
>> default on OpenBSD).
>>
>> If you're going to take the time to do something, it may as well be to
>> build something that lasts.
>>
>>> Looks like they got in through my old website I coded myself. They found
>>> the hole.
>> I admire your honesty.  Lots of people in the same situation try to
>> "hide" the details to protect their supposed image, rather than be open
>> about it and learn from the experience.  Their efforts are transparent
>> and have the opposite effect.
>>
>>> I talked to tech support and the guy said they got in through FTP but I
>>> doubt it.
>> Unless this is chroot non-root UID anonymous read-only FTP, it should be
>> turned off.  Use SFTP or scp instead, already provided by OpenSSH.
>>
>> Nicolai
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list