[TYPO3-english] Looking for typo3_src-4.0.2.tar.gz
Martin Bless
m.bless at gmx.de
Wed Apr 8 12:27:46 CEST 2009
[Rudy Gnodde] wrote & schrieb:
>You should also inform your provider if you don't host it yourself, so
>they can check deeper into the server. If the server isn't locked down
>correctly a hacker might have installed things like an IRC bot in the
>/tmp directory for example.
Yes, that's a good idea.
The other hints you gave will be obeyed since it's planned, roughly
spoken, to move only the data to a different server and restart with a
clean und up to date installation.
This leads to another question: How to check the data? A clever hacker
might have polluted the data (html, typoscript) as well. This will not
be a dangerous for ourselves but may ruin the good reputation of our
site..
Last autumn I attended a meeting where a security expert explained
that intruders sometimes only append a little bit of html to the page.
For instance an IDIV, width:0, display:none. It has a link in it that
connects to a russion server. Over there a bot will go over the logs
and deliver malware exactly tailored for the specific browser.
The question is: It's a big site. How to be sure? The IDIV thing I
know. What else can occur?
Martin
--
http://mbless.de
More information about the TYPO3-english
mailing list