[Chugalug] Website scanners (was d@mn scammers/hackers)

Rod-Lists rod-lists at epbfi.com
Thu Oct 18 20:38:56 UTC 2012


Just found this http://mollom.com/how-mollom-works.
It's more of a screening of your incoming posts.
Might be useful.

----- Original Message -----
> 
> I use Sucuri for the public-facing side:
> http://sitecheck.sucuri.net/scanner/
> 
> 
> On Wed, Oct 17, 2012 at 11:15 PM, David White < dwrudy at gmail.com >
> wrote:
> 
> 
> To fork the thread, anyone know of any services you can use, and/or
> scripts you can run to check the public-facing code of sites and
> ensure there's nothing malicious?
> 
> On the internal side of things, I wonder if it would just make sense
> to periodically run an MD5 checksum via cron on each web directory in
> the server(s) and compare that with the good hash (stored externally,
> off the server, of course).
> 
> Sent from my iPhone
> 
> On Oct 17, 2012, at 10:08 PM, Mike Harrison < cluon at geeklabs.com >
> wrote:
> 
> > 
> > The little Linode slice that hosts chugalug.org
> > and a handful of other sites had a Joomla install brute forced.
> > Actually nailed on October 10th, but they did not
> > install and abuse things until yesterday.
> > 
> > The Apache logs show many many thousands of login/password attempts
> > on the two Joomla sites on this system... from only two IPs, in
> > rapid succession, and they finally got one. Then they uploaded a
> > new theme, with some extra functionality in the files.
> > 
> > Note: Both IPs were from static IP leasing services. That's a new
> > twist to me... usually they are from another hacked server.
> > 
> > And then they went "Bank of America Customer Fishing"
> > This server was only a relay, it's some interesting code.
> > 
> > As many of you are also hosting/using Joomla and other content
> > management systems, you might want to look at your logs. Moving
> > your login/admin
> > urls is the first step, there are many more worth taking.
> > 
> > I'm out of the internet / web hosting / security business and yet,
> > since the beginning of September, I've been involved in 6
> > compromises, 2 of which, like this one, I was partially
> > responsible for some part of the system.
> > The others I was just called in to help clean up afterwards.
> > 
> > My relevant almost on topic point is: It seems to me the intensity,
> > focus and volume of hacks, compromises and abuses have seemingly
> > increased significantly.
> > 
> > Be careful out there. I'm putting my uber-paranoid hat on after
> > about 10 years of not wearing it (all the time), you should also.
> > 
> > The not so nice people are out to get us all. All of us.
> > 
> > 
> > _______________________________________________
> > Chugalug mailing list
> > Chugalug at chugalug.org
> > http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
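Added example, not part of the thread or any poster's own script: one way to implement the periodic checksum comparison suggested in the quoted message, run from cron against a baseline manifest kept off the server. It uses SHA-256 rather than the MD5 mentioned in the thread, and it reports added files as well as modified ones, since the compromise described involved uploading new theme files; the function names and the JSON manifest format are assumptions.

```python
import hashlib
import json
import sys
from pathlib import Path


def build_manifest(webroot):
    """Map each file's path (relative to webroot) to its SHA-256 digest."""
    root = Path(webroot)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                # Read in 1 MiB chunks so large uploads do not exhaust memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def compare(baseline, current):
    """Return files added, removed or modified relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def main(argv):
    # baseline WEBROOT        -> print manifest as JSON (store it off the server)
    # check WEBROOT MANIFEST  -> exit 1 and list differences if anything changed
    if len(argv) == 3 and argv[1] == "baseline":
        json.dump(build_manifest(argv[2]), sys.stdout, indent=1, sort_keys=True)
        return 0
    if len(argv) == 4 and argv[1] == "check":
        baseline = json.loads(Path(argv[3]).read_text())
        report = compare(baseline, build_manifest(argv[2]))
        for kind, paths in report.items():
            for p in paths:
                print(f"{kind.upper()}: {p}")
        return 1 if any(report.values()) else 0
    print("usage: baseline WEBROOT | check WEBROOT MANIFEST", file=sys.stderr)
    return 2


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Cron mails any output by default, so a non-empty report from the `check` mode reaches the administrator without extra plumbing.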

