Anyone who has hosted peoples websites before, has had either a blog hacked, or some guy thinking he is going to send mass mailouts using PHP or similar happen. Its extremely hard to trackdown and deal with, and yet it can get your server listed at spam service denying legitimate email from getting through. This… Continue reading Unsure who is sending spam? Try this
We recently discovered that the way we install a VPS differs slightly from the usual CD install. This is not something we do specifically but something that can be improved on in the set-ups of CentOS5.3. When you install from a CD it automatically enables MD5 encryption in passwords (which should be the norm), however… Continue reading Does your VPS have MD5 enabled for passwords?
If you use any pre-packaged software, it always pays to sign up to their mailing list or security advisory list. This means if any exploits or updates happen, you are on the ball and up to date. Today we had an email from a customer whos front page had been replaced. I noticed it was… Continue reading Has your VPS been hacked?
It sucks getting hacked Every now and then servers get hacked. Often because of an exploitable webapp, or because (most commonly) a weak, easily guessable password was used on a well known user account (like 'root' or 'info' or 'test'). Once hackers gain access they often install some kind of malware. e.g. something that goes… Continue reading nginx hacking using proxy
Recently we have had a few support requests come through from people who are new to Linux, and are unsure how to maintain a server at all. Package Management If your Linux distro is RedHat based (ie Centos, , then you will be using yum and RPM. RPM is for doing individual package manipulation (installing,… Continue reading Introduction to the new Linux Sysadmin
Heres a little Shell Script I wrote which, if run, will check your entire server for insecure versions of wordpress. If it finds any, it will give you the option to upgrade. If you say yes it will backup the existing sites file and database in /root/wp_upgrade and upgrade it. Please Note: This has not… Continue reading WordPress Upgrade Script
WordPress is a great application. e.g. we are using it here for this brand new blog. The irony is that the first post on this blog is a security alert on a WordPress exploit. There is a good summary of the issue at http://it.slashdot.org/story/09/08/12/1353211/WordPress-Exploit-Allows-Admin-Password-Reset Are you running WordPress? We do not install it on accounts… Continue reading Is your WordPress install exploitable?