LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-04-2010, 04:07 PM   #1
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Arrow Doorways on Non-default Ports New Trend in Black Hat SEO?


Quote:
A year ago I blogged about how hackers managed to hijack hundreds of high-profile websites to make them promote online stores that sold pirated software at about 5-10% of a real cost. They used quite a standard scheme that involved cloaking (making spammy links visible only to search engine crawlers) and conditional redirects (visitors from search engines who clicked on specifically-crafted links on compromised sites got redirected to online stores of software pirates)

Despite of all my warnings, most of those site are still hacked and help sell pirated software and steal credit card numbers. This negligence of site/server administrators encouraged cyber criminals to step even further in abusing reputation and resources of compromised servers. This post will be about one of such steps.
Complete Article

Thanks to Slashdot for covering this.
 
Old 12-04-2010, 05:21 PM   #2
Dani1973
Member
 
Registered: Dec 2010
Distribution: Debian testing
Posts: 148

Rep: Reputation: 16
I wrote a script for my server that tracks file modification (date, size, md5, ... etc) in a interval of 30mins.
All file modifications are loged and if the file is smaller then 200kb it even takes a snapshot.

Currently I only scan FTP and web folders, but I think I am gonna add my /etc to be scanned also after reading this.
 
Old 12-04-2010, 07:56 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599
That's nice but the article clearly suggests more than doing that like scanning using outside tools.

I find it unbelievable that domains can stay poisoned for years...
 
Old 12-05-2010, 05:03 AM   #4
dudeman41465
Member
 
Registered: Jun 2005
Location: Kentucky
Distribution: Debian
Posts: 794

Rep: Reputation: 56
Makes me want to slap the clonezilla cd in my server and do a drive snapshot while it's still clean, lol.
 
Old 12-05-2010, 05:31 AM   #5
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
The problems are only possible because the original designers of the software involved were not interested (enough) in security. I blame all of the corporate managers, theoreticians, and product designers. Weak security starts with how a computer loads an operating system. It continues with how computers request a network connection. More problems arise from user authentication built on the first two issues. It finishes with idiotic applications that use data as programs and therefore allow viruses to be embedded in the data.

There is no end to the number of idiots who have contributed to the current pathetic state of computer security that we see today.
 
1 members found this post helpful.
Old 12-05-2010, 05:55 AM   #6
Dani1973
Member
 
Registered: Dec 2010
Distribution: Debian testing
Posts: 148

Rep: Reputation: 16
Looking what my server actually does : see what services are listening, on what ports, who logged on to the server (should be only me) and stuff like, is something I do on a weekly base.
But I think having a tool that tracks file modifications is nice and only takes a minute to check every day.

Imho common problem in lots of companies : too much people have access to the server and just do stuff. I guess the real big companies (and I mean the really big ones) have guidelines that are being respected and only some well trained peoples have access and those peoples will just refuse to do certain things that compromises the server security.
On the other hand smaller companies might only have a single guy with full access to the server and then it comes down to the knowledge and will of that person.
 
Old 12-05-2010, 06:09 AM   #7
dudeman41465
Member
 
Registered: Jun 2005
Location: Kentucky
Distribution: Debian
Posts: 794

Rep: Reputation: 56
Quote:
Originally Posted by Dani1973 View Post
Looking what my server actually does : see what services are listening, on what ports, who logged on to the server (should be only me) and stuff like, is something I do on a weekly base.
But I think having a tool that tracks file modifications is nice and only takes a minute to check every day.

Imho common problem in lots of companies : too much people have access to the server and just do stuff. I guess the real big companies (and I mean the really big ones) have guidelines that are being respected and only some well trained peoples have access and those peoples will just refuse to do certain things that compromises the server security.
On the other hand smaller companies might only have a single guy with full access to the server and then it comes down to the knowledge and will of that person.
I know how that goes, I can't even get sick without getting phone calls ALL DAY LONG. "Hey where do you keep your user walkthroughs?" "Hey what do we do if the Sharepoint server is running slow?" There's so many computer "geniuses" out there that know just enough to be dangerous, that when someone who actually has certifications and common sense comes along people become dependent on them.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Twitter, Linux, Red Hat, Microsoft 'honored' at Black Hat with Pwnie Awards LXer Syndicated Linux News 0 08-03-2009 08:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration