#1 (permalink)  
Old 01-02-2007, 02:13 PM
Registered User
 
Join Date: Mar 2004
Location: egypt
Posts: 28
linuxprovider
My Server Hacked

Dear all

Today, while I ran some commands like ls, this error appeared:

segmentation fault

Anyway, the reason is that my server's hacked.

Now I reinstall it, but my question is:

How could my server be hacked while I have disabled compilers for unprivileged users?

I admit that I have found cgi-telnet scripts, but how could he use them to install a rootkit?

Please help me not to fall down again.

Thanks
__________________
Shafei Gad
Linux System Administrator
002 0123802231

  #2 (permalink)  
Old 01-02-2007, 02:38 PM
Registered User
 
Join Date: May 2004
Location: Minneapolis, MN
Posts: 2,208
AndyReed is on a distinguished road
Quote:
Originally Posted by linuxprovider View Post
How could my server be hacked while I have disabled compilers for unprivileged users?

I admit that I have found cgi-telnet scripts, but how could he use them to install a rootkit?

Servers get hacked, at least in part, because they are running old, outdated, unpatched software with exploitable vulnerabilities.

How to keep your web servers and web sites from being hacked?

Keep your software updated — run the latest versions of Apache and PHP. The same goes for MySQL and any other server-side scripts. PHP forums have been heavily targeted by hackers, not so much for running phishing sites, but it seems like the script kiddies like to deface them.

Apache.org has Security Tips for Server Configuration at: http://www.w3.org/Security/Faq/

W3.org has WWWSecurity FAQ at: http://www.w3.org/Security/Faq/

I’ve seen a number of compromised sites being used to run exploits, both the WMF exploit and the createTextRange() exploits. Those sites were dropping trojan downloaders that contacted other servers to download malware including backdoors, key loggers, spam bots, password-stealing trojans — the really nasty spyware, and in some cases, adware as well. It’s frustrating and sad, especially since it’s largely preventable. Please search these forums; there are many threads discussing how to secure your server. Or you can seek professional help to secure your server.
__________________
Andy Reed
Dedicated server hosting, Colocation Services Server Management, and cPanel Licenses
  #3 (permalink)  
Old 01-02-2007, 04:12 PM
Registered User
 
Join Date: Mar 2004
Location: egypt
Posts: 28
linuxprovider

Many thanks for clearing that up.

I have a question.

I have disabled PHP (shell scripts),

but I still cannot disable Perl (cgi-telnet scripts).
I have installed mod_security,
but still no hope. Please give me help, because as you know, if I do not fix this problem my server will still be facing dangers.


Thanks
__________________
Shafei Gad
Linux System Administrator
002 0123802231

  #4 (permalink)  
Old 01-02-2007, 04:47 PM
Registered User
 
Join Date: Nov 2006
Location: Lithuania
Posts: 122
Kelmas is on a distinguished road
Quote:
Originally Posted by AndyReed View Post
I’ve seen a number of compromised sites being used to run exploits, both the WMF exploit and the createTextRange() exploits.

Can you please tell a little bit more about these? Would be great.
__________________
Gytis Repecka aka Kelmas
NFS Tuning / AutoNews.lt webmaster, IT journalist
  #5 (permalink)  
Old 01-02-2007, 05:09 PM
Registered User
 
Join Date: May 2004
Location: Minneapolis, MN
Posts: 2,208
AndyReed is on a distinguished road
Quote:
Originally Posted by Kelmas View Post
Can you please tell a little bit more about these? Would be great.

WMF FAQ
http://isc.sans.org/diary.php?storyid=994

Linux/BSD still exposed to WMF exploit through WINE!
http://blogs.zdnet.com/Ou/index.php?p=146

TextRange() exploits
http://www.computerworld.com/printth...110122,00.html

You need a very good set of Mod Security rules to minimize and/or stop attacks on your server. In addition, install APF and BFD. I think everybody should read WWWSecurity FAQ at: http://www.w3.org/Security/Faq/
__________________
Andy Reed
Dedicated server hosting, Colocation Services Server Management, and cPanel Licenses
All times are GMT -5. The time now is 11:18 AM.