I Got Haxx0r3d

My dedicated Linux server was hacked a few days ago. Specifically, someone managed to compromise Apache by way of an outdated PHP-based application that a hosting client of mine had installed. The hacker planted a script that tied up the system doing nefarious things such as portscans of other machines. My hosting provider shut down the server, but neglected to tell me what had happened.

After punching a hole through the illiterate frontline support technicians, I finally got through to someone who told me what was up. I was able to clean up the mess and uninstall the vulnerable application. I have also contracted some security experts to harden the machine for me and help prevent this sort of thing from happening again.

I will also be keeping a closer eye on scripts that get installed on the server, making sure they are all patched with the latest updates of everything.

I am glad this wasn’t worse. It could have turned into a defacement or total crippling of the server. Not that I don’t have backups, but it would have been much more time consuming to fix.

In order to maintain communication with my clients during the downtime, I moved this site to a different server quickly, and took the liberty of setting up the latest version of WordPress, along with a spiffy new theme.

Enjoy.

About Will Chatham

Will Chatham is the Security Assessment Engineer for Arbor Networks. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. He started as a web developer, moved into Linux system administration, and ultimately found his place as a security professional. Having most recently conquered the OSCP certification, Will continues to hack his way into various things in an effort to make them more secure.
Bookmark the permalink.

3 Comments

  1. The forum is dead. Long live the forum

  2. Frank N Beanz

    Long live the forum…may it rest in peazizzle….and stuff

  3. Frank N Beanz

    m3 thinks chuck did it…

Leave a Reply