Hacker vandalism

It has been a hectic couple of weeks trying to keep ahead of the script kiddie who has been vandalizing my sites.

I’m still not sure if it is one of my sites or Dreamhost as a whole that has been compromised, but my sites there are trashed within minutes after I fix them.

Apart from the vulnerability itself, the main factor in my troubles is that Dreamhost is running Apache under my user account. Since I have permission to alter all my files, so does Apache.

A simple directory traversal will give an attacker access to all my sites under the compromised account.

I’ve now moved most of the attacked sites to a VPS where I have better control. Considering all the time I’ve spent cleaning up after attacks, I think it will be cheaper to admin a whole server.
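The shared-account problem described above can be measured. The following is an added example, not code from the original post: it lists which files and directories under each site root the web server's user could modify. The function names are hypothetical, and the check looks at POSIX mode bits only (no ACLs, no root override).

```python
import os
import stat
import sys


def writable_by(st, uid, gids):
    """True if the mode bits in stat result `st` grant write access to uid/gids."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_site(root, uid, gids=()):
    """Return sorted paths (relative to root) that `uid` is allowed to modify.

    Directories are included: a writable directory lets the process
    replace or add files even when the files themselves are read-only.
    """
    gids = set(gids)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # the link target is judged where it lives
            if writable_by(st, uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def audit_account(site_roots, uid, gids=()):
    """Map each site root to the paths the web server user can alter."""
    return {root: audit_site(root, uid, gids) for root in site_roots}


if __name__ == "__main__":
    # Usage: script.py <web-server-uid> <site-root> [<site-root> ...]
    server_uid = int(sys.argv[1])
    for site, paths in audit_account(sys.argv[2:], server_uid).items():
        print(f"{site}: {len(paths)} paths writable by uid {server_uid}")
        for p in paths:
            print(f"  {p}")
```

When the web server runs under the same uid that owns the files, nearly every path in every site is reported; under a separate uid only group- or world-writable paths remain.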


3 comments until now

  1. [...] I wrote on logview4net.com: It has been a hectic couple of weeks trying to keep ahead of the script kiddie who has been [...]

  2. Hi Johan,

    Sorry to hear that you are having problems with vandalism.

    I can’t find your email, so, I’ll write you here, I hope you don’t mind.

    I really really really miss saving the log to disk on a daily basis. Let me tell you why. I’ve a few servers in the cloud and I’d like to use your software to aggregate the logs for all of them, but I really can’t do anything with this aggregate log if I don’t have it on disk. It’d be perfect if the program would save the buffer to a new file on disk every 24h. In that way, for instance, it’d be easy to search something in the log from 2 days ago.

    I could easily write a program that listens to the UDP port and writes to a new file every 24h, and then use your program to listen to that file, but I think it’s cleaner (and useful for more people) if it’s directly integrated.

    Victor

  3. Hello Victor

    I’ve been thinking about saving the log for a long time.
    The code is there already, but I don’t like my current solution. It’s writing to the same file all the time and keeping it locked while logview4net is open.

    Your message got me thinking a bit.

    If I use a RollingFileAppender from log4net (http://logging.apache.org/log4net/release/sdk/log4net.Appender.RollingFileAppender.html) someone else has done most of the work already.

    I’ll add the necessary configuration options and make a release within a fortnight.

    Thanks a lot for the suggestion.
