LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-20-2012, 08:45 AM   #16
Nbiser
Member
 
Registered: Oct 2012
Location: Maryland
Distribution: Fedora, Slackware, Debian, Ubuntu, Knoppix, Helix,
Posts: 284
Blog Entries: 7

Rep: Reputation: 42

Quote:
Originally Posted by unSpawn View Post
I suggest you read up on things before posting such "advice". TCP/80 needs to be open to serve web content and the port being open itself isn't the biggest threat.
I'm sorry if I wasn't clear enough: I only meant that the unnecessary ports should be closed.
 
Old 12-20-2012, 08:49 AM   #17
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,183
Blog Entries: 4

Rep: Reputation: 762Reputation: 762Reputation: 762Reputation: 762Reputation: 762Reputation: 762Reputation: 762
Quote:
Originally Posted by unSpawn View Post
...Unfortunately the OP hasn't returned since post #10 so I can only hope he understood what he should do.
Well, you and I seem to live here.

Hopefully, this will be the catalyst that the user needs and sees that the time for such questions is before any compromises.

As per the usual, I suspect stolen credentials or a reverse-shell dropped in via loose permissions.

Hosting is the pits.
 
Old 12-20-2012, 10:13 AM   #18
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,139
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Thanks for taking the time to reply. Now you're kind of new to LQ and therefore you may not have much experience reading posts and interacting with the folks in the Linux security forum. Members who seem to live here, members with a good grasp of Linux Security, and especially those with practical incident handling or forensics experience know there's a certain order, a structured approach to "solving" these types of problems. Because time is of the essence and risks should be mitigated as soon as possible the order of stages I try to promote is: information gathering, mitigation, analysis, aftercare. Understanding what actions to perform at which stage ensures both the incident handler and the "victim" have a clear view on what to do. This should keep the "victim" from getting distracted by conflicting "advice", nitpicking or whatever else.

More fundamentally solving any problem requires one to be methodical about things. IMHO that starts with proper diagnosis: reviewing the nfo at hand while not assuming anything and asking questions. If on doesn't do that then one might miss a clue and any advice one gives may range from just inefficient to the completely unsuitable in certain situations.


Quote:
Originally Posted by Nbiser View Post
I'm sorry if I wasn't clear enough: I only meant that the unnecessary ports should be closed.
And likewise I'm sorry if what I wrote above wasn't clear enough: in a priority-ordered list of actions to perform this isn't number 0, 1 or 2 until you have gotten the information to base such advice on.
 
Old 12-20-2012, 07:36 PM   #19
Nbiser
Member
 
Registered: Oct 2012
Location: Maryland
Distribution: Fedora, Slackware, Debian, Ubuntu, Knoppix, Helix,
Posts: 284
Blog Entries: 7

Rep: Reputation: 42
Quote:
Originally Posted by unSpawn View Post
Thanks for taking the time to reply. Now you're kind of new to LQ and therefore you may not have much experience reading posts and interacting with the folks in the Linux security forum. Members who seem to live here, members with a good grasp of Linux Security, and especially those with practical incident handling or forensics experience know there's a certain order, a structured approach to "solving" these types of problems. Because time is of the essence and risks should be mitigated as soon as possible the order of stages I try to promote is: information gathering, mitigation, analysis, aftercare. Understanding what actions to perform at which stage ensures both the incident handler and the "victim" have a clear view on what to do. This should keep the "victim" from getting distracted by conflicting "advice", nitpicking or whatever else.
I'll admit, I'm no security expert. What I know I've learned from my father, a certified ethical hacker and a certified forensics investigator. As for myself I'm more of a hardware and operating system guy.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how hackers are injecting code to the website ? nixonp Linux - Newbie 1 12-19-2012 10:33 AM
LulzSec hackers claim CIA website shutdown Jeebizz Linux - News 7 06-17-2011 09:08 PM
Check this out - Videos on how to protect your website against hackers Arne1983 Programming 1 03-17-2009 03:48 PM
AUTH/IDENT query software, hacking hackers and probably morality tomjermy Linux - Security 4 05-14-2005 06:44 PM


All times are GMT -5. The time now is 06:25 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration