[ic] Urgent Help

Murray Gibbins Murray@scotweb.ltd.uk
Mon, 05 Mar 2001 15:28:38 +0000


Robert Trembath wrote:
> 
> I think someone was trying to hack our machine this morning. Found some
> files in the /tmp directory that apache wrote containing this:
> 
> Not Found
> The requested URL /orders/orders.txt was not found on this server.
> 
> Not Found
> The requested URL /orders/import.txt was not found on this server.
> 

OK, that's just a problem with httpd.conf, may not indicate a hack, more likely a
problem with a document root inside a virtual host or Alias or Script alias. Your
file permissions may be wonky too.


> Authorization Required
> This server could not verify that you are authorized to access the document
> requested. Either you supplied the wrong credentials (e.g., bad
> password), or your browser doesn't understand how to supply the credentials
> required.

I wouldn't worry about that. If a real hacker got in then you would not have
this type of log file hanging around. But if in doubt may I suggest format
/dev/hda

> I believe someone was looking for credit card info and config info on our
> server. What do you think? I do have the IPs logged but they are probably
> bogus.

The correct approach is "My machine is connected to the internet, therefore I
will assume that it is hacked (hackable) until it is hacked". The precautionary
approach will work best for machines inside DMZs.

The "Scientific method" will solve all your problems and tell you what's
happening.

Yours

Murray

http://www.morpheux.org

-- 
  ____
  \__/    Murray Gibbins             murray@scotweb.ltd.uk
  /  \    Programmer
_ \__/ _  ================================================
\\ || //  Scotweb Limited,             info@scotweb.ltd.uk
 \\||//   13a Albert Terrace,    http://www.scotweb.ltd.uk
  \||/    Edinburgh EH10 5EA   Tel: +44 (0)  131 270 82 33
   ||     Scotland. Europe.    Fax: +44 (0) 7020  93 49 04
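
An added example, not part of the original message or of either poster's code: one way to check the access log behind the errors quoted in this thread, separating clients that were refused order files (401/403/404) from clients that were actually served one. The log lines, IP addresses, the `/orders/*.txt` pattern and the function names are constructed assumptions based on the two URLs quoted above.

```python
import re
from collections import defaultdict

# Apache Common Log Format: host ident user [time] "METHOD path proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation IP ranges), not data from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Mar/2001:09:12:01 +0000] "GET /orders/orders.txt HTTP/1.0" 404 207
192.0.2.10 - - [05/Mar/2001:09:12:02 +0000] "GET /orders/import.txt HTTP/1.0" 404 207
192.0.2.10 - - [05/Mar/2001:09:12:04 +0000] "GET /admin/ HTTP/1.0" 401 401
198.51.100.7 - - [05/Mar/2001:09:30:15 +0000] "GET /images/logo.gif HTTP/1.0" 404 210
198.51.100.7 - - [05/Mar/2001:09:30:16 +0000] "GET /index.html HTTP/1.0" 200 5120
203.0.113.5 - - [05/Mar/2001:10:02:44 +0000] "GET /orders/orders.txt HTTP/1.0" 200 88231
"""

# Assumption: "sensitive" means text files under /orders/, as in the quoted URLs.
SENSITIVE = re.compile(r'^/orders/.*\.txt$')

def triage(log_text):
    """Per client: sensitive paths refused, sensitive paths served, 401 count."""
    report = defaultdict(lambda: {"denied": [], "served": [], "auth_failures": 0})
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        host, _when, _method, path, status = m.groups()
        status = int(status)
        if status == 401:
            report[host]["auth_failures"] += 1
        if SENSITIVE.match(path):
            if status in (401, 403, 404):
                report[host]["denied"].append(path)
            elif 200 <= status < 300:
                report[host]["served"].append(path)  # the file really went out
    return dict(report)

def flag(report, min_denied=2):
    """Clients to review: several distinct refused paths, or any file served."""
    return sorted(h for h, r in report.items()
                  if len(set(r["denied"])) >= min_denied or r["served"])

if __name__ == "__main__":
    for host in flag(triage(SAMPLE_LOG)):
        print(host, triage(SAMPLE_LOG)[host])
```

A client with entries under `served` matters more than one with only `denied` entries, because a 2xx status means the order file was actually delivered.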