Planting rootkits on compromised web servers
- Sargeant at Arms
- Posts: 244
- Joined: Thu Dec 11, 2003 4:28 pm
Planting rootkits on compromised web servers
Years ago, when I set up my website, I didn't bother filtering the input variables because I assumed that since there was no traffic on my site there would be no hackers. How wrong I was. It was probably robots that found the site, but my site got brutally raped. I patched up the vulnerabilities and reuploaded it, but it got me wondering what kind of long-term things hackers can do once they've gained access to the server. How difficult would it be to install a rootkit on the server holding the website on which you've exploited unfiltered input variables?
- Cool_Fire
- Not a sandwich
- Posts: 1912
- Joined: Fri May 09, 2003 1:20 pm
- Location: 41 6d 73 74 65 72 64 61 6d
Re: Planting rootkits on compromised web servers
It depends on how much access they got to your server. If they gained root access, you're basically lost. Rootkits are VERY hard to get rid of since they often embed themselves in system files. So if you don't have a backup of the original file, it's almost impossible to repair the system since anything new you install afterwards could just as easily be infected.
If you feel you have been infected, I'd say your best bet is to just reinstall the system, and take a very long hard look at what data you want to take from the old system, since if you take any infected files with you to the new install, you might well have the same problem there again.