I thought you guys might be interested in this little write-up I did about the recent incident with Anon and WBC:
Just learned about surrogafier myself, what a powerful script...
I like the article. I run three webservers right now and am building a fourth. All of them are on client networks.
Would setting them up on an isolated DMZ be the solution or would an isolated external IP be better?
Was the church running a Windows or Linux based server?
I guess I have never aggravated the wrong people, so I have never had to deal with this kind of attack, though I do promote Christian conservative concepts and ideals on most of the sites I maintain.
The most important thing I can think to ask is: how did they initially gain access?
I have all of my webservers set up for external SSH access only. I also have them set up to allow access only from specific external IPs. If your IP is not on the list, you don't get in.
I only run Linux-based servers with the latest Apache/PHP/MySQL/Perl/CGI etc. I also do not have any GUI installed on any of them. I have always felt that would be the hole that would allow someone to get in.
I also have never allowed any kind of automount, autorun or autoscan of any read/write devices at all. In fact, after finishing the setup, I rem out USB, CDROM and Floppy devices in fstab so they are inaccessible. The servers are available on the LAN though. This seems to also be a risk I will have to address.