[TriLUG] OT: Disinfecting a Club's Website
Tim Jowers
timjowers at gmail.com
Mon Aug 19 21:24:31 EDT 2013
Hi Scott,
Doesn't your website run under apache:apache user:group? And can that
user:group only read your files? If so, I suspect the "hack" wasn't the
cgi-bin/php/etc on your server. Probably the host got hacked?
Tim
On Mon, Aug 19, 2013 at 9:11 PM, Alan Porter <porter at trilug.org> wrote:
>
> I'm not going to address the intrusion... but...
>
> One thing I like to do on web sites like this is use "git" to track
> (and revert) changes.
>
> Just "git init" and "git add *" and "git commit -m 'initial copy'" to
> get started. Then when you think your files have been hacked,
> you can "git diff" to see, and "git checkout *" to revert back to
> the good copies.
>
> If you want to, you can clone that repo to somewhere safe, for a
> little added security.
>
> Even if you're not fighting some defacing bot, git is a nice tool
> to tracking what changed on a web site that has a lot of text
> files running it.
>
> Alan
>
>
>
> --
> This message was sent to: timjowers <timjowers at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/**listinfo/trilug<http://www.trilug.org/mailman/listinfo/trilug>
> Unsubscribe or edit options on the web : http://www.trilug.org/mailman/**
> options/trilug/timjowers%**40gmail.com<http://www.trilug.org/mailman/options/trilug/timjowers%40gmail.com>
> Welcome to TriLUG: http://trilug.org/welcome
>
More information about the TriLUG
mailing list