[TYPO3-english] Looking for typo3_src-4.0.2.tar.gz

Martin Bless m.bless at gmx.de
Wed Apr 8 12:27:46 CEST 2009


[Rudy Gnodde] wrote & schrieb:

>You should also inform your provider if you don't host it yourself, so 
>they can check deeper into the server. If the server isn't locked down 
>correctly a hacker might have installed things like an IRC bot in the 
>/tmp directory for example.

Yes, that's a good idea. 

The other hints you gave will be obeyed since it's planned, roughly
speaking, to move only the data to a different server and restart with a
clean and up-to-date installation.

This leads to another question: How to check the data? A clever hacker
might have polluted the data (html, typoscript) as well. This will not
be dangerous for ourselves but may ruin the good reputation of our
site.

Last autumn I attended a meeting where a security expert explained
that intruders sometimes only append a little bit of html to the page.
For instance an IDIV, width:0, display:none. It has a link in it that
connects to a Russian server. Over there a bot will go over the logs
and deliver malware exactly tailored for the specific browser.

The question is: It's a big site. How to be sure? The IDIV thing I
know. What else can occur?

Martin

-- 
http://mbless.de
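
One way to look for the hidden-element injection described in the message above, as an added example that is not part of the original mail: it parses page HTML and reports off-site href/src URLs that sit inside an element hidden by inline style. The own-host allowlist, the sample page and all host names are constructed assumptions; hiding done through CSS classes or scripts is not covered.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from visitors (display:none, zero size).
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?<![\w-])(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class HiddenLinkFinder(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.stack = []      # open elements as (tag, hidden_by_own_style)
        self.findings = []   # (line, tag, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(HIDDEN.search(a.get("style") or "")) or (
            tag == "iframe" and "0" in (a.get("width"), a.get("height")))
        if hidden or any(h for _, h in self.stack):
            for name in ("href", "src"):
                try:
                    host = urlparse(a.get(name) or "").hostname or ""
                except ValueError:
                    host = "?"   # unparsable URL in hidden markup: report it
                if host and host.lower() not in self.own_hosts:
                    self.findings.append((self.getpos()[0], tag, a[name]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop up to the matching open tag so unclosed <p>/<li> do not desync.
        if any(t == tag for t, _ in self.stack):
            while self.stack.pop()[0] != tag:
                pass

def scan(html, own_hosts):
    finder = HiddenLinkFinder(own_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts are placeholders, not taken from the thread.
SAMPLE = """<p>See <a href="http://partner.example/">our partner</a>.</p>
<div style="display:none"><a href="/sitemap.html">map</a></div>
<div style="width:0; display:none"><a href="http://injected.example/in.php">x</a></div>
<iframe src="//injected.example/f" width="0" height="0"></iframe>"""
```

Calling scan(SAMPLE, {"www.example.org"}) reports the hidden off-site link and the zero-size frame, while the visible partner link and the hidden on-site link are left alone.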

