[TriLUG] OT: Disinfecting a Club's Website

Tim Jowers timjowers at gmail.com
Mon Aug 19 21:24:31 EDT 2013


Hi Scott,
Doesn't your website run under apache:apache user:group?  And can that
user:group only read your files?  If so, I suspect the "hack" wasn't the
cgi-bin/php/etc on your server. Probably the host got hacked?
Tim



On Mon, Aug 19, 2013 at 9:11 PM, Alan Porter <porter at trilug.org> wrote:

>
> I'm not going to address the intrusion... but...
>
> One thing I like to do on web sites like this is use "git" to track
> (and revert) changes.
>
> Just "git init" and "git add *" and "git commit -m 'initial copy'" to
> get started.  Then when you think your files have been hacked,
> you can "git diff" to see, and "git checkout *" to revert back to
> the good copies.
>
> If you want to, you can clone that repo to somewhere safe, for a
> little added security.
>
> Even if you're not fighting some defacing bot, git is a nice tool
> for tracking what changed on a web site that has a lot of text
> files running it.
>
> Alan
>
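
The git-based check described in the quoted message, as an added example that is not part of the original thread. The function names and the throwaway sample site are constructed; the script also reports newly added files, which "git diff" does not list and "git checkout" does not remove.

```shell
#!/bin/sh
# Added example; function names and the sample site are constructed.

# Print one line per change since the last commit: MODIFIED/DELETED/NEW <path>.
audit_docroot() {
    # --porcelain is the stable, script-friendly format; --untracked-files=all
    # lists every new file individually, which "git diff" alone never shows.
    git -C "$1" status --porcelain --untracked-files=all |
    while IFS= read -r line; do
        state=$(printf '%s' "$line" | cut -c1-2)
        path=$(printf '%s' "$line" | cut -c4-)
        case "$state" in
            '??') echo "NEW $path" ;;
            *D*)  echo "DELETED $path" ;;
            *)    echo "MODIFIED $path" ;;
        esac
    done
}

# Put tracked files back to the committed copies. Files that were added
# are not tracked, so they survive this and must be reviewed separately.
restore_tracked() {
    git -C "$1" checkout -q -- .
}

# Build a throwaway site, commit a baseline, then simulate tampering.
make_tampered_site() {
    site=$(mktemp -d)
    printf '<h1>Club</h1>\n' > "$site/index.html"
    printf '<p>About us</p>\n' > "$site/about.html"
    printf 'Options -Indexes\n' > "$site/.htaccess"
    git -C "$site" init -q
    # "add -A" also stages dotfiles such as .htaccess; a shell "*" skips them.
    git -C "$site" add -A
    git -C "$site" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m 'initial copy'
    printf '<!-- injected -->\n' >> "$site/index.html"   # changed file
    rm "$site/about.html"                                 # removed file
    printf 'unexpected\n' > "$site/new.php"               # added file
    echo "$site"
}

site=$(make_tampered_site)
audit_docroot "$site"
restore_tracked "$site"
echo "after restore:"
audit_docroot "$site"
rm -rf "$site"
```
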

