[Chugalug] Website scanners (was d at mn scammers/hackers)

David White dwrudy at gmail.com
Thu Oct 18 03:15:12 UTC 2012


To fork the thread, anyone know of any services you can use, and/or
scripts you can run to check the public facing code of sites and
ensure there's nothing malicious?

On the internal side of things, I wonder if it would just make sense
to periodically run an MD5 checksum via cron on each web directory in
the server(s) and compare that with the good hash (stored externally,
off the server, of course).

Sent from my iPhone

On Oct 17, 2012, at 10:08 PM, Mike Harrison <cluon at geeklabs.com> wrote:

>
> The little Linode slice that hosts chugalug.org
> and a handful of other sites had a Joomla install brute forced.
> Actually nailed on October 10th, but they did not
> install and abuse things until yesterday.
>
> The apache logs show many many thousands of login/password attempts
> on the two Joomla sites on this system... from only two IPs, in rapid succession, and they finally got one. Then they uploaded a new theme, with some extra functionality in the files.
>
> Note: Both IPs were from static IP leasing services. That's a new twist to me... usually they are from another hacked server.
>
> And then they went "Bank of America Customer Fishing"
> This server was only a relay, it's some interesting code.
>
> As many of you are also hosting/using Joomla and other content management systems, you might want to look at your logs. Moving your login/admin
> urls is the first step, there are many more worth taking.
>
> I'm out of the internet / web hosting / security business and yet, since the beginning of September, I've been involved in 6 compromises, 2 of which, like this one, I was partially responsible for some part of the system.
> The others I was just called in to help clean up afterwards.
>
> My relevant almost on topic point is: It seems to me the intensity, focus and volume of hacks, compromises and abuses have seemingly increased significantly.
>
> Be careful out there. I'm putting my uber-paranoid hat on after
> about 10 years of not wearing it (all the time), you should also.
>
> The not so nice people are out to get us all. All of us.
>
>

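The cron-driven checksum comparison suggested in the message above, as an added example that is not part of the original post: it hashes every file under a web root and reports files added, removed or modified relative to a baseline manifest kept off the server. It assumes GNU coreutils and findutils, uses SHA-256 (`sha256sum`) in place of the MD5 mentioned in the post, and the function names and manifest layout are hypothetical.

```shell
#!/bin/sh
# Added example: file-integrity check for a web root, meant to be run from cron.
# Assumptions: sha256sum replaces the MD5 named in the post; function names and
# the manifest layout ("<hash>  ./relative/path") are made up for this sketch.

# make_manifest DIR -> one "<hash>  ./path" line per file, sorted by path.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# compare_manifests BASELINE CURRENT -> prints ADDED / REMOVED / MODIFIED lines
# and returns 1 if the two manifests differ in any way.
compare_manifests() {
    awk '
        # Split on the fixed two-character separator so paths with spaces survive.
        { hash = $1; path = substr($0, length($1) + 3) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        { seen[path] = 1 }
        !(path in base)     { print "ADDED    " path; bad = 1; next }
        base[path] != hash  { print "MODIFIED " path; bad = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "REMOVED  " p; bad = 1 }
            exit bad
        }
    ' "$1" "$2"
}

# check_webroot DIR BASELINE -> hashes DIR now and compares it to BASELINE.
# Runs in a subshell so its temporary variables do not leak into the caller.
check_webroot() (
    now=$(mktemp) || exit 2
    rc=0
    make_manifest "$1" > "$now" && compare_manifests "$2" "$now" || rc=$?
    rm -f "$now"
    exit "$rc"
)

# Cron usage sketch (placeholder paths): fetch the baseline from a host other
# than the web server on each run, so a compromised server cannot rewrite it.
#   check_webroot /path/to/webroot /path/to/fetched-baseline.sha256 \
#       || echo "web root changed" | mail -s "integrity alert" admin@example.invalid
```

The check only covers files on disk; content an attacker stores in the CMS database, or changes made by a legitimate update, need a separate review or a refreshed baseline.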