Quote:
Originally Posted by documetaltux
Here's the result of ls -lart /var/www/html/ :
Code:
total 12
drwxr-xr-x. 7 root root 4096 Mar 5 16:08 ..
-rw-r--r--. 1 apache apache 24 Mar 10 22:49 index.html
drwxrwx---. 2 apache apache 4096 Mar 10 22:49 .
The file index.html was added by the hacker. Can anyone make anything out of this?
Thanks for helping
cat index.html
Then check what directories index.html is pointing to.
Also list the users on your system to see whether a new user account has been added.
If the hacker keeps coming back to your system and you are hosting a website, make sure all your web forms, or anything that the user can key in, are protected.
What I mean by protected is: make sure that users are not able to run or execute commands from those web forms. Some sort of SQL injection through the website forms, textboxes, etc.
If you are using a database, change the database password. Also list the user accounts on the database to make sure no new user account has been created.
But a password reset will not help at all if you really don't know how the guy gets into your system. You need to investigate further.
Check all the online services you are offering for any vulnerability.
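
The checks suggested in the reply above (see what changed under the web root, list accounts to spot anything newly added), as an added example that is not part of the original posts. The function names and the sample passwd file and web root are constructed; on a real host you would pass /etc/passwd and /var/www/html.

```shell
#!/usr/bin/env bash
# Added triage sketch. Function names and sample data are constructed for
# illustration; on a real host pass /etc/passwd and /var/www/html.

# Accounts other than root that have UID 0 (full root privileges).
extra_uid0() {            # $1 = passwd-format file
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts that can get an interactive shell. An empty shell field
# falls back to /bin/sh, so it is reported too.
login_accounts() {        # $1 = passwd-format file
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $3 ":" $7 }' "$1"
}

# Regular files under the web root modified within the last N days.
recent_webroot_files() {  # $1 = web root, $2 = days
    find "$1" -xdev -type f -mtime "-$2" -print | sort
}

# --- Demo on constructed data (not taken from the thread) ---
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
alice:x:1000:1000::/home/alice:/bin/bash
support:x:0:0::/tmp:/bin/sh
EOF
mkdir "$demo/html"
echo 'constructed sample' > "$demo/html/index.html"
touch -t 200001010000 "$demo/html/old.html"   # old file, should not be listed

echo "UID 0 accounts besides root:"; extra_uid0 "$demo/passwd"
echo "Accounts with a login shell:"; login_accounts "$demo/passwd"
echo "Web root files changed in the last 7 days:"
recent_webroot_files "$demo/html" 7
```

Compare the account list against a backup or against what you know you created; any name you cannot explain, and especially a second UID 0 account, needs investigating before you change passwords.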