Planting rootkits on compromised web servers

sh_ithe_ad
Sargeant at Arms
Posts: 244
Joined: Thu Dec 11, 2003 4:28 pm

Planting rootkits on compromised web servers

Post by sh_ithe_ad » Mon Jun 07, 2010 5:14 am

Years ago when I set up my website I didn't bother filtering the input variables because I assumed that since there was no traffic on my site there would be no hackers. How wrong I was. It was probably robots that found the site but my site got brutally raped. I patched up the vulnerabilities and reuploaded it but it got me wondering what kind of long-term things hackers can do once they've gained access to the server. How difficult would it be to install a rootkit on the server holding the website on which you've exploited unfiltered input variables?

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Planting rootkits on compromised web servers

Post by Cool_Fire » Sat Jun 26, 2010 6:31 pm

It depends on how much access they got to your server. If they gained root access, you're basically lost. Rootkits are VERY hard to get rid of since they often embed themselves in system files. So if you don't have a backup of the original file, it's almost impossible to repair the system since anything new you install afterwards could just as easily be infected.

If you feel you have been infected, I'd say your best bet is to just reinstall the system, and take a very long hard look at what data you want to take from the old system, since if you take any infected files with you to the new install, you might well have the same problem there again.
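
Added example, not part of either post: one way to decide which files to carry over from the old system is to hash them against a backup taken before the compromise. The directory names and sample files are constructed for illustration, and the check assumes it is run from a clean system with the old disk mounted read-only, since tools running on a rooted host cannot be trusted.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root):
    """Map relative path -> SHA-256 for each regular file under root (symlinks skipped)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                out[os.path.relpath(full, root)] = sha256_file(full)
    return out

def triage(backup_root, old_root):
    """Classify files from the old system against a backup made before the compromise."""
    good, old = manifest(backup_root), manifest(old_root)
    report = {"unchanged": [], "modified": [], "new": [], "missing": []}
    for rel in sorted(old):
        if rel not in good:
            report["new"].append(rel)        # never existed in the backup: review by hand
        elif good[rel] == old[rel]:
            report["unchanged"].append(rel)  # byte-identical to the backup copy
        else:
            report["modified"].append(rel)   # content differs: restore from backup instead
    report["missing"] = sorted(rel for rel in good if rel not in old)
    return report

def demo():
    """Run triage over two small constructed trees (sample data, not from the thread)."""
    backup = {"index.php": b"<?php echo 'hello'; ?>", "config.php": b"<?php $db='site'; ?>",
              os.path.join("img", "logo.png"): b"constructed-image-bytes"}
    old = {"index.php": b"<?php echo 'hello'; /* altered */ ?>",
           os.path.join("img", "logo.png"): b"constructed-image-bytes",
           os.path.join("img", "thumb.php"): b"<?php /* unexpected file */ ?>"}
    with tempfile.TemporaryDirectory() as tmp:
        for label, tree in (("backup", backup), ("old", old)):
            for rel, data in tree.items():
                path = os.path.join(tmp, label, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        return triage(os.path.join(tmp, "backup"), os.path.join(tmp, "old"))
```

Only the `unchanged` entries are byte-identical to the backup; `modified` and `new` files are the ones to restore from backup or inspect by hand before they go anywhere near the fresh install.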
