Archives
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Summary-Talk] <no subject>
Summary can only help you if they compromised your system through the
web server. That isn't a likely point of attack if you have a well
designed system and are keeping up on your security patches.
The best thing to do in this situation is to hire a competent firm to
perform a through security audit on your complete setup. There are many
different places that need to be checked. A firm that specializes in
Internet security will have knowledge and resources that are very
valuable in this situation.
Assuming that there is something in the server logs, possible places to
look include:
* Check the Auth User report to see if someone has been engaging in
password guessing.
* Check for hosts with large numbers of failed requests or other
unusually high numbers.
* Search for accesses to your administrative web pages that you can't
account for.
* Check for gaps in service that you can't account for. Some hacks cause
the web server to restart. Unfortunately, the Gaps in Service report
isn't always accurate.
Good Luck
Jason
Michael Adams wrote:
> We have just become aware that we were visited by a hacker, d1\\cr4ck.
> What should I look for in the logs that might indicate something about
> when or how this guy got in? In Summary we include most report topics in
> each report and there is a separate report for the news site.
--
Jason@Summary.Net
--
Dr. Seuss books . . . can be read and enjoyed on several levels. For
example, 'One Fish Two Fish, Red Fish Blue Fish' can be deconstructed
as a searing indictment of the narrow-minded binary counting system.
-- Peter van der Linden, Expert C Programming, Deep C Secrets
-------------
Go to <http://summary.net/list.html> to update subscription info.
|