Doorways on Non-default Ports — New Trend in Black Hat SEO?
Quote:
A year ago I blogged about how hackers managed to hijack hundreds of high-profile websites to make them promote online stores that sold pirated software at about 5-10% of the real cost. They used quite a standard scheme that involved cloaking (making spammy links visible only to search engine crawlers) and conditional redirects (visitors from search engines who clicked on specifically-crafted links on compromised sites got redirected to online stores of software pirates).
Despite all my warnings, most of those sites are still hacked and help sell pirated software and steal credit card numbers. This negligence of site/server administrators encouraged cyber criminals to step even further in abusing the reputation and resources of compromised servers. This post will be about one such step.
I wrote a script for my server that tracks file modifications (date, size, md5, etc.) at an interval of 30 mins.
All file modifications are logged and if the file is smaller than 200kb it even takes a snapshot.
Currently I only scan FTP and web folders, but I think I am gonna add my /etc to be scanned also after reading this.
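As an added illustration (not the poster's own script), a minimal tracker of the kind described above: it fingerprints each file by mtime, size and md5, diffs against a baseline saved in a JSON file, logs added/removed/modified entries, and copies changed files at or below 200 KB into a snapshot directory. The state-file and snapshot-directory layout are my own choices; run it from cron at whatever interval you like.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path

SNAPSHOT_LIMIT = 200 * 1024  # files at or below this size are copied when they change


def fingerprint(path: Path) -> dict:
    """Record the attributes the post tracks: mtime, size and an md5 of the content."""
    st = path.stat()
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"mtime_ns": st.st_mtime_ns, "size": st.st_size, "md5": digest.hexdigest()}


def scan(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by its path relative to root."""
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old: dict, new: dict) -> list:
    """Return sorted (kind, relpath) tuples for files added, removed or modified."""
    changes = [("added", p) for p in new if p not in old]
    changes += [("removed", p) for p in old if p not in new]
    changes += [("modified", p) for p in new if p in old and new[p] != old[p]]
    return sorted(changes)


def run_check(root: Path, state_file: Path, snapshot_dir: Path) -> list:
    """One interval's work: diff against the saved baseline, log, snapshot, save new baseline."""
    old = json.loads(state_file.read_text()) if state_file.exists() else {}
    new = scan(root)
    changes = compare(old, new)
    stamp = time.strftime("%Y%m%dT%H%M%S")
    for kind, rel in changes:
        print(f"{stamp} {kind} {rel}")  # the log line; redirect stdout to a file from cron
        if kind != "removed" and new[rel]["size"] <= SNAPSHOT_LIMIT:
            dest = snapshot_dir / stamp / rel  # keep a copy of the new content for later review
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(root / rel, dest)
    state_file.write_text(json.dumps(new, indent=1, sort_keys=True))
    return changes
```

Keep the state file and snapshot directory outside the web root and unwritable by the web server account, otherwise an intruder who owns the site can simply rewrite the baseline.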
The problems are only possible because the original designers of the software involved were not interested (enough) in security. I blame all of the corporate managers, theoreticians, and product designers. Weak security starts with how a computer loads an operating system. It continues with how computers request a network connection. More problems arise from user authentication built on the first two issues. It finishes with idiotic applications that use data as programs and therefore allow viruses to be embedded in the data.
There is no end to the number of idiots who have contributed to the current pathetic state of computer security that we see today.
Looking at what my server actually does: seeing what services are listening, on what ports, who logged on to the server (should be only me) and stuff like that, is something I do on a weekly basis.
But I think having a tool that tracks file modifications is nice and only takes a minute to check every day.
Imho a common problem in lots of companies: too many people have access to the server and just do stuff. I guess the really big companies (and I mean the really big ones) have guidelines that are respected and only some well-trained people have access, and those people will just refuse to do certain things that compromise the server security.
On the other hand smaller companies might only have a single guy with full access to the server and then it comes down to the knowledge and will of that person.
I know how that goes, I can't even get sick without getting phone calls ALL DAY LONG. "Hey, where do you keep your user walkthroughs?" "Hey, what do we do if the Sharepoint server is running slow?" There are so many computer "geniuses" out there that know just enough to be dangerous, that when someone who actually has certifications and common sense comes along, people become dependent on them.