
I was unfortunate enough to be running a vulnerable install of cvstrac about a month ago and this server was hacked. Thanks to my brother (who noticed some strange goings-on), I was alerted to the problem and had booted the intruder off within 45 minutes of them starting to mess around.

Post-mortem analysis of the cvstrac log showed that the initial intrusion and installation of zbind took place a week earlier. Ouch. Slap my wrists for not noticing it sooner. Curiously, the intruder did not appear to have managed to gain root. This is curious because for that 45-minute spell, everything on the box was reporting permission denied and no logins were possible. I verified the system with chkrootkit and the rpm checksum validation; no sign of problems. Weeeird.

I decided to rebuild the box from scratch, just in case, and I've been crafting this new installation for a couple of weeks in my spare time; everything is chrooted and locked down, so if a new vuln is announced, the impact should be minimal... fingers crossed.

I'd like to thank my hosts John Companies for their excellent service; in no time they had a fresh install of a newer Red Hat for me to rebuild my system, and kept my existing server up and running for me to transfer across the data--at no extra charge. I'm pleased with their level of service; they're not quite as quick to respond to your inquiries as their testimonials suggest, but they are fast enough, and you're dealing directly with people that know what they're doing.

They also offer an OpenSource contributor discount, so if that's you and you're looking for root@your-own-box on fair hardware (dual PIII 860 MHz on my server) but don't have oodles of cash to throw at it, go take a looksee at JC.

It's worth noting that these are Virtual Private Servers, so you are technically sharing the hardware with other customers, but not the filesystem or other services; you have control over everything except for the kernel. You hardly notice that it's a VPS if you're running efficient, long-lived, server applications; it is a tad slower if you're firing off new processes though (such as CGI or compiling stuff), as the scheduler is geared towards the former and not the latter.

