Hello unSpawn.
Quote:
It may be a local password but it may be something else. Did this occur on the old or the new server? Did you scan the full contents of his account?
|
Well I did performed
find /home/user -print0 | xargs -0 file | tee /tmp/user.file and I checked for non coincidences
How can I realize if an html file contains such dirty links?
What about any other scripts like perl ones that contain spammers execution?
You know that I live in a country where many people use unregistered software, Windows, antiAlls. So, it is not strange that 'web designers' may catch some malware to get their private data.
Anyway I have to rule out any other possibility.
Quote:
Can you tell me exactly what measures you took to enhance security of the machine since this thread?
|
All user's passwords have been changed.
I checked some implementation of verification data within forms, query strings and php mysql handling.
You asked my about Java and php image verification. The Java one is a third-party I don't know how it checks jpgs integrity, but after that I use some ImageMagick tools in case they cannot be performed then the uploaded file would be removed.
Do you have a harmless file simulating an image one for debugging (in my old server!)?
I use phpBB3 and MyBB forum apps. They are up-to date.
I am also reading about samhain. Not yet installed, I have to check new server and compare several settings among the servers.
I only have a few days to release the old server.
As for the backup system, I use a cron rsync to backup from remote to a local computer. Then I use a cron lftp to copy all backup to a LAN HD (10 days rotation).
I believe rsync does not support incremental backups.
I've read about Amanda or something like that to perform backups. (I've just seen here a google advertisement about Zmanda!)
What do you suggest?
Thank you