[TriLUG] cracked shared hosting: what to do?

Scott Miller scottlinux at gmail.com
Wed Apr 17 19:09:59 EDT 2013


If the compromise and attacker used a php shell on that same shared hosting
server (on any adjacent site), they can then make changes to files or
anything they want and nothing is logged.

Check out any of these php shells:

http://www.securityaegis.com/web-shells-for-all/

With these you can upload files, change files, execute code, change file
timestamps, all transparent and not logged anywhere by logs. (Will not put
anything in apache logs)

It all depends on how secure or insecure dreamhost shared hosting is as to
how much one could change via this method.



More information about the TriLUG mailing list