So, while I'm still in the process of trying to get my server sorted after an attempted hacking, I keep coming across these weird little quirks and issues it's having. Long story short, after some a**-hat tried to gain root access and ballsed up my password file in the process, I had to roll back to an earlier backup that didn't include a few of the users I'd created since then. One of those was an administrative user, which I had to recreate. Now, I find that during FTP with that user (which really is the primary web administrator account), I can do anything but create, delete, or rename folders in the main web directory. Seriously, it works everywhere but in "htdocs" (it's running Apache).

What the hell has gone wrong now? I logged in as root to check out the other user's permissions, and they sure as hell look like they're set right. What's the deal?
no clue but i feel so sorry 4 u stare
Uh, thanks bunches. stare
Well, let's start with the basics. What version of Apache are you running? Are you running Windows or Linux (is there a Mac version of Apache?)?
Sheba_water
no clue but i feel so sorry 4 u stare

Don't post if you have nothing to contribute. Thank you.

As for your problem, ma'am, have you tried recreating the user once more?
p3ngu!n
As for your problem, ma'am, have you tried recreating the user once more?

Yeeeeah, we just tried that out now. And it's really funny (in a severely not funny kind of way) that it kept kicking both me (on SSH) and a tech support guy AT the box back to the prompt when we tried it.

Methinks that rootkit is still there. In which case we're pretty much f*cked, but I'd like to see if anyone else has an explanation for this.

edit because somebody asked: It's running FreeBSD.
Uhh, ask nicely for the h4xx0r3r to go away? sweatdrop Meh, you could always re-install Windows...
Re-install Windows for an FTP problem? That sounds quite stupid in my ears.
GhostSarah
Uhh, ask nicely for the h4xx0r3r to go away? sweatdrop Meh, you could always re-install Windows...

Funny you should mention that, seeing as how I just told everyone that it's a Unix server. stare

Seriously, folks. If you don't know what we're talking about here, don't comment, please.
p3ngu!n
Don't post if you have nothing to contribute. Thank you.

As for your problem, ma'am, have you tried recreating the user once more?
why?
Sheba_water
why?

Because it's just taking up space when I could be getting actual, helpful answers to my problem, instead of having to sit here and read your whoring for gold posts.

That's why.
Did you run the basics?
chkrootkit - To check for intrusions
Nmap & Satan, other things like that to scan places he/she/it could have entered through
System logs for things that don't match or shouldn't be there in case they have been changed

That's all I can think of at the moment for starters, since it would be best to find out if it's still there before changing things, or if any changes were made

(P.S., if there were any changes made and you have backups, try comparing them with diff or similar commands. Also invest in Tripwire)

Yeah, chkrootkit is how we found one in the first place, but we were pretty certain we had gotten rid of all its bits and pieces (the dipshit couldn't seem to get it implemented properly, and there's a period of "weird" activity in the logs for about a five minute span, after which it looks like he gave up and left). So, it wasn't a complete rootkit, anyhow. I'm still sifting through the logs, but because it's a moderately high traffic site, there's a lot of activity to wade through to get to the juicy stuff. I've got a time window I'm looking at, though.

Tell me about this "tripwire".
WOO TECHNOLOGY!!!!
clockworkanomaly
Tell me about this "tripwire".

Tripwire takes "snapshots" of your system and then reads on what should be changed and what should not have been changed. It is a good way to see what was messed up or not.

http://www.tripwire.org/

The only thing I could think is that a few files in apache got messed up when it was converted to backup, maybe because there was a drastic change in files?
(I don't run Apache nor FTP servers so I can't help much on there)
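
The snapshot-and-compare idea described above for Tripwire, as an added example that is not part of the original thread and is not Tripwire's own code or database format. The `snapshot`, `compare` and `demo` names and the small `htdocs` tree are constructed for illustration; it records content hash, permission bits and ownership, so permission changes on a directory show up alongside edited files.

```python
import hashlib, os, stat, tempfile

FIELDS = ("sha256", "mode", "uid", "gid")

def snapshot(root):
    """Record content hash, permission bits and ownership for everything under root."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe a symlink itself, not its target
            digest = None        # only regular files get a content hash
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = dict(zip(FIELDS, (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)))
    return state

def compare(old, new):
    """Return (kind, path, changed_fields) for every difference between two snapshots."""
    report = []
    for rel in sorted(set(old) | set(new)):
        if rel not in new:
            report.append(("removed", rel, []))
        elif rel not in old:
            report.append(("added", rel, []))
        else:
            changed = [f for f in FIELDS if old[rel][f] != new[rel][f]]
            if changed:
                report.append(("changed", rel, changed))
    return report

def demo():
    """Constructed scenario: baseline a small htdocs tree, alter it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        htdocs = os.path.join(root, "htdocs")
        index = os.path.join(htdocs, "index.html")
        os.mkdir(htdocs, 0o755)
        with open(index, "w") as fh:
            fh.write("<h1>site</h1>\n")
        baseline = snapshot(root)
        with open(index, "a") as fh:            # content change
            fh.write("<!-- unexpected edit -->\n")
        open(os.path.join(htdocs, "extra.txt"), "w").close()  # new file
        os.chmod(htdocs, 0o555)                 # directory no longer writable
        report = compare(baseline, snapshot(root))
        os.chmod(htdocs, 0o755)                 # restore so cleanup can delete the tree
        return report
```

A baseline is only useful if it was taken from a known-good state and is stored somewhere the server itself cannot modify.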
