__/ [ Roy Schestowitz ] on Wednesday 04 October 2006 14:32 \__
> __/ [ Baho Utot ] on Tuesday 03 October 2006 00:02 \__
>
>> Roy Schestowitz wrote:
>>
>> [putolin]
>>
>>>>> A quick check reveals the following:
>>>>>
>>>>> -rw-r--r-- 1 schestow schestow 450 Jun 6 2005 index.htm
>>>>> -rw-r--r-- 1 nobody nobody 1.5K Aug 5 20:58 index.php
>>>>> -rw-r--r-- 1 schestow schestow 32K Oct 1 20:13 resindex.htm
>>>>
>>>>
>>>> Looks like apache put it there, See the nobody user.
>>>> Open your httpd.conf and find out which user apache runs under
>>>> I think it will be nobody
>>>
>>>
>>> Can only root check this? I doubt I have access to this file. Is it a
>>> aper-user config file? If so, I am not sure what path it's under.
>>>
>>
>> Yes, If the server is properly configured only root can get to it.
>>
>> It should be in /etc/httpd/
>
> Many thanks again. I am somewhat fearful that getting the host involved
> will devour a lot of time and effort. Surely I could also look at the logs
> and try to assess things in a post morten fashion. If this ever recurs, I
> will definitely take action, but truthfully I have not done anything yet.
>
> You'd probably think I'm naive for taking that stance, which is fair
> enough.
Off-topic perhaps...
http://www.dedicatedhostingcompanies.com/uncategorized/hacked-by-my-host-be-careful/
This has just hot the front page od Digg. I'm not suggesting I was a victim,
but it's a good read that I thought you'd appreciate.
|
|
