Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I need a way to find how hackers sometimes get into a website and change files. What would you suggest?
For what purpose if I may ask? If files changed then getting the hashes from the original software and running them against 'md5deep -r -x' could be a quick start. But if this is thought to be part of "regular maintenance" then I suggest you change your strategy to a more active one and guard against having old or vulnerable installed software versions first. As in combating the cause, not just symptoms.
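The hash comparison suggested in the reply above, written out as an added example that is not part of the thread: it hashes a pristine copy of the installed software and the live web root, then compares them by relative path. It uses SHA-256 rather than MD5, and the comparison is path-aware, so a known file copied to a new location is reported too, which a match on hash alone would miss. The directory layout and file names are constructed sample data.

```python
"""Compare a live web root against a pristine copy of the same release."""
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # directories, symlinks and special files are not hashed
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_trees(pristine, live):
    """Return files that were modified, added or removed relative to pristine."""
    known, current = hash_tree(pristine), hash_tree(live)
    common = known.keys() & current.keys()
    return {
        "modified": sorted(p for p in common if known[p] != current[p]),
        "added": sorted(current.keys() - known.keys()),
        "removed": sorted(known.keys() - current.keys()),
    }


def demo():
    """Constructed sample: two small trees standing in for release and web root."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, live = Path(tmp, "pristine"), Path(tmp, "live")
        for base in (pristine, live):
            (base / "inc").mkdir(parents=True)
            (base / "index.php").write_text("<?php echo 'home'; ?>\n")
            (base / "inc" / "db.php").write_text("<?php // db settings ?>\n")
            (base / "robots.txt").write_text("User-agent: *\n")
        # Simulated tampering: one edit, one extra file, one deletion.
        (live / "index.php").write_text("<?php echo 'home'; ?>\n<!-- changed -->\n")
        (live / "inc" / "copy of db.php").write_text("<?php // db settings ?>\n")
        (live / "robots.txt").unlink()
        return compare_trees(pristine, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The modification times of the reported files give a time window to look up in the web server's access log, which is where the question of how the change was made starts to get answered.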
Absolutely agree with unSpawn. The best suggestion would be for you to properly secure your server/network. Snort is a good tool, but you have to use it as part of a larger strategy. Firewalls, DMZs, etc., all need to play a part, along with proper systems security.
Think of it as a house; if you leave the doors unlocked and the windows wide open, it's VERY hard to see how someone got in. Lock things up, and put an alarm on, you can EASILY see a broken window, know which door was opened, etc. This is no different...the more layers between your server and the Internet, the harder it is...and each layer will get you traces on how things were broken.
I think the problem lies in the web application code. There must be some bug, and checking all parameters would be difficult because it is a large application.
This is an absolutely HORRIBLE approach to this problem...you're essentially saying:
You don't know what the problem(s) are
You don't know WHERE the problem(s) are
Since it's a 'large application', it's a lot of effort to check, and you don't seem to plan on checking it.
Please, don't wonder why your site has problems. If you are serious about securing it, then you have one option: work hard, find the holes, bugs, and vulnerabilities, and FIX THEM. That's the job of a systems administrator...if you're also the web programmer, then you have to fix THAT too.