10.4 web server was hacked - how do I find out how this happened?
I am running the most updated 10.4 OSX Server software on a computer (an iMac 800 which doesn't permit 10.5 Server to install!), and two days ago I noticed that all of my web pages for only one of the sites served by this computer had been rewritten to display all kinds of vulgar garbage after a nicely written banner that said "you've been hacked". In general, my network has DSL for internet with a static IP, and the router then forwards various ports to this computer for the three services that the computer provides: Web, AFP, Mail. Ports are open in the router to permit FTP, Server Admin and Workgroup server login as well, and there is only one admin account on this computer among the other 9 basic user accounts.
The Web server supports multiple virtual domains for this single IP address, each of which has a separate web documents folder. Only the main site was hacked - other folders were not touched.
I have replaced all of the files so my web site now displays the proper information, but I am interested in discovering how this occurred. I have no guest "write" access to the folders on this system that I know about.
What can I look for to determine how this occurred, and hopefully prevent its recurrence? Thank you for any advice!
Might want to increase your degree of paranoia by an order of magnitude or three here. With ftp and with the other stated ports open to the 'net, it's more of a wonder that the server didn't get hacked sooner. It's not really paranoia if the folks really are out to get you, and -- based on my server logs -- they are.
A user with an unauthorized account on your box means your security has been completely breached; that your server has been rooted, in the vernacular.
Getting rooted means you'll probably want to reinstall everything other than your application data from distro, from bare iron and Mac OS X Server on up. You'll want to pull what you can of that from your pre-breach backups and data archives. If you don't reinstall from known-good distros, who knows what else has been left around as a surprise or as a backdoor.
With a rooted server, that could be anywhere. Worse, that rooted server can be used as a foothold to gain further access, such as via no-password ssh or telnet or simply sniffing local telnet traffic.
I'd also look to upgrade the versions of php and any web-facing applications to the most current available versions, as attacks against many of those web-facing packages are active and underway.
And I'd change passwords on all the other servers and devices on the LAN.
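For the original question of what to look for, one starting point is a timeline of everything that could have written to the hacked site's document folder shortly before the change was noticed. The following is an added example, not code from the thread: it assumes Apache access logs in the common/combined layout and FTP transfers logged in the xferlog layout, and the `/srv/www/main/` path, account names, addresses and dates are constructed placeholders.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs: documentation-range addresses, placeholder paths and accounts.
ACCESS_LOG = """\
198.51.100.20 - - [01/Mar/2008:10:00:00 -0500] "POST /contact.php HTTP/1.1" 200 450
198.51.100.20 - - [04/Mar/2008:09:12:44 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [04/Mar/2008:22:40:10 -0500] "POST /gallery/upload.php HTTP/1.1" 200 311
203.0.113.7 - - [04/Mar/2008:22:41:02 -0500] "GET /index.html HTTP/1.1" 200 902
"""
XFER_LOG = """\
Tue Mar  4 08:15:00 2008 2 198.51.100.20 88211 /srv/www/other/logo.png b _ o r alice ftp 0 * c
Tue Mar  4 22:40:55 2008 1 203.0.113.7 902 /srv/www/main/index.html a _ i r webuser ftp 0 * c
"""
ACCESS_RE = re.compile(r'(\S+) \S+ \S+ \[([^ \]]+)[^\]]*\] "([A-Z]+) (\S+)')
WRITE_METHODS = {"POST", "PUT", "DELETE"}

def web_writes(log, start, end):
    """HTTP requests in the window that can change server-side state."""
    events = []
    for line in log.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ip, ts, method, path = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S")  # server-local time, offset ignored
        if start <= when <= end and method in WRITE_METHODS:
            events.append((when, ip, "http " + method, path))
    return events

def ftp_writes(log, start, end, docroot):
    """FTP uploads (i) and deletes (d) under the docroot; paths with spaces are not handled."""
    events = []
    for line in log.splitlines():
        f = line.split()
        if len(f) < 14:
            continue
        when = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
        if start <= when <= end and f[11] in ("i", "d") and f[8].startswith(docroot):
            events.append((when, f[6], "ftp %s as %s" % (f[11], f[13]), f[8]))
    return events

def timeline(noticed, hours, docroot):
    """Merge both sources into one time-ordered list for the window before discovery."""
    start = noticed - timedelta(hours=hours)
    return sorted(web_writes(ACCESS_LOG, start, noticed)
                  + ftp_writes(XFER_LOG, start, noticed, docroot))

if __name__ == "__main__":
    for event in timeline(datetime(2008, 3, 5, 8, 0), 24, "/srv/www/main/"):
        print(*event)
```

Logs on a server that may have been rooted can themselves have been edited, so work from copies taken off the machine and compare them with the router's own records where it keeps any.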
Similar Messages
-
I made a purchase on iTunes on March 6 at 11:33, order number MHOXX3TK9J, for 1.99 and my credit card was charged $20.00. Please help me find out why this happened.
Contact iTunes support at the link below.
https://ssl.apple.com/emea/support/itunes/contact.html -
I think my computer was hacked, how can I tell who has been using my account?
I think my computer was hacked, how can I tell who has been using my account?
Hi sandys98368807,
Do you see any unusual activity on your system?
If you are worried about your Adobe account, I would recommend you to change your Adobe password as soon as possible.
Please let me know if you have any other query or need any further assistance.
Regards,
Rahul -
My 6 year old was playing on an app we have used for ages, then last night I received numerous emails stating about $600 of in-app purchases had been made! I don't know how this happened as my child does not know my Apple ID password!
You can try contacting iTunes support and see if they give you a refund or credit for some/all of it: http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption.
To stop it happening again you can turn off in-app purchases on your iPad via Settings > General > Restrictions > In-App Purchases, and also in Restrictions change Require Password to 'Immediately' - the default is 15 minutes during which it doesn't need to be re-entered. -
When I try to connect to iCloud, it says there is a server error and does not log me in. This happens every time. How can I circumvent this server error?
Try restarting your computer and your router.
If there is a specific error code, take a look at this article.
iTunes: Specific update-and-restore error messages and advanced troubleshooting
http://support.apple.com/kb/TS3694 -
The output sound was somehow muted and grayed so that I can't uncheck it. Any idea how this happened and how it can be undone?
Hi, and welcome to Apple Support Communities.
Which exact iBook model is it?
You can choose from this list:
http://www.everymac.com/systems/apple/ibook/index-ibook.html
You could try resetting the PRAM and see if that helps. -
I have no sound alerts on my iphone5. My software is up to date. I can hear on a call but I have no text alerts, no ringtones, nothing that involves sound! Everything was okay a few hours ago. I have no idea how this happened. Please help!!
I tried the compressed air, Qtip, etc... still nothing. Called Apple again.... and we did a complete factory reset from iTunes, wiping everything out... still no sound, which proves that it is a hardware problem, under warranty. I have to have the phone replaced. No Apple repair centers within 300 miles of me! So... shipping phone off today. Bummer.
-
I will type in Google, let's say, "tree"; I will click on one of the search results and, instead of the tree web page showing up, an ad page will come up. This happens with everything. Can you help?
You (or your kids) inadvertently installed adware. You do not need to download or install anything to fix it.
Any tips on how to stop it from happening?
Yes. To learn how to avoid it in the future read How to install adware.
If you require them, Apple's removal instructions are linked in the Recovery Procedure near the end of that document. Read and follow them carefully. Pay particular attention to the easily overlooked passages directing you to restart your Mac when required. -
As I stated, the white in any file I open in PS is a warm white. I don't know how this happened or how to fix it. I do know it is not my PC or monitor. Only in PS. Any help is appreciated, thanks, P
My5cats, Cris may have more to add but here are some thoughts. A calibrated monitor does have warm whites. We perceive a blue white as being correct but it isn't. I don't know if you are using monitor calibration or not. One possible area is that Photoshop is set to a paper or some other gamut. You can check (in PS) by going to the Edit menu > Color settings. Here is a picture of mine. I set the working space to sRGB, which is used for the web and many printers. If you get a correct setting, consider saving it.
-
My premiere project file size just went from 190MB to 5.61GB... and now it won't open! Anyone know how this happened? Or how to prevent it from happening again? Thankfully I saved a backup project of the 190MB file size.
warp stabiliser?
-
My browser will not load a page or update unless I am actively moving my cursor or typing. If I select a page and don't do anything then it doesn't load at all. I have no idea how this happened or how to fix it. Thanks.
Start Firefox in Safe Mode to check if one of the extensions is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
* Don't make any changes on the Safe mode start window.
* https://support.mozilla.com/kb/Safe+Mode
* https://support.mozilla.com/kb/Troubleshooting+extensions+and+themes -
I have 7600 duplicates on my iTunes account. I have no idea how this happened and want to delete the duplicates en masse.
Is it possible? How would I do it?
This happened just recently.
I do have a backup on My Book that may not have the duplicates. Not sure I WANT TO GO NUCLEAR THOUGH AND DELETE ALL THE DUPLICATES.
ANY HELP WOULD BE APPRECIATED.
THANK YOU.
TODD
If you've recently created a bunch of duplicates then, with the main Music playlist showing, hold down Option (Mac) or Shift (PC) and then the menu File > Display Exact Duplicates. Sort the resulting list on the Date Added field, select the range of tracks representing the recent imports which you know to be duplicates and delete.
To delete any older duplicates scattered through the library sort the list in a conventional order like Album by Artist and delete all but one copy of each cluster of identical tracks.
Normally when you delete the duplicate entries from the library you will also want to delete the underlying files, however in certain circumstances it is possible for iTunes to make two separate entries to the same physical file on your hard drive. In this case deleting the file for the one entry will break the other one. If possible try to work out which type of duplicates you have before deleting any files, and check that the remaining entries play before emptying the trash.
tt2 -
I purchased extra Icloud storage on my IPhone for £14 but have been charged an additional £1.58p where can I find out what this charge was for?
Sign in, activation, or connection errors | CS5.5 and later
For your payment issues you will have to contact sales support.
Mylenium -
When I go to About This Mac and click on Storage it shows 421.93GB as Other. This only leaves 46.85GB of 499.25GB free. How do I find out what this "Other" is so I can remove the stuff I don't need?
What kind of use do you make of your MBP? A lot of photo or video? If so, you may be storing a lot of large files. Look at Finder and see what the file system looks like. Do you have large libraries of data files associated with applications?
You may want to think about an external hard drive to use for backups and data storage, you can point applications to the external drive as the default storage location.
A good source of external drives at a reasonable price is the Mac specialist, OWC, http://www.macsales.com
I bought their Mercury Elite Pro 2 TB drive last September and set it up to use part for Time Machine backup and part for other work space. Setup with Disk Utility into two partitions is very quick and easy. Just remember to format as Extended Journaled with GUID partition table. Setting the partition sizes is by using a graphical image on screen in DU so it is like falling off a log, so easy. -
Hello. I am trying to buy the student edition of Acrobat XI Pro but there isn't a student felt before or after order. Is there anyone who knows how this happens?
Hi,
Please refer to the below mentioned article for further information on this.
Student software discounts, student eligibility | Adobe
Thanks,
Vikrantt Singh