Tuesday, November 20, 2012

When your web server gets attacked.....

This post may be a mixture of rants and quick tips on how to save your web server when you suspect it is under malicious attack and you have limited admin access and support.

It becomes imperative to create a world-writable directory if you have a web server that plots or maps data on user demand. I would like to hear from people who know how to do this otherwise. I have been looking for solutions to this problem, but did not find any. For now I have settled for something that makes your web program clean up its own mess.

Suppose you have a world-writable directory called /tmp/XX, and some hacker has been able to put malicious code into it and is able to run it. My solution is to delete the contents of this folder after n hours. Just put a small command inside your web program that runs frequently; each time it runs, the world-writable folder is cleaned.

# Delete all files older than 6 hours (360 minutes) in the /tmp directory.
# No -name filter is used: "*.*" would skip files that have no dot in their name.

$command="find /tmp -type f -mmin +360 -exec rm -f {} \\;";
system($command);

This will probably partly solve your problem.
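The same age-based cleanup as a shell function, as an added example that is not code from the original post: it validates its arguments, refuses a directory that has been replaced by a symlink, stays on one filesystem, and reports how many files it removed. The function name `clean_scratch` and its two-argument interface are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): age-based cleanup of a
# world-writable scratch directory.
# Usage: clean_scratch DIR MINUTES   e.g. clean_scratch /tmp/XX 360
# Prints the number of files removed; returns 2 on a rejected argument.
clean_scratch() {
    dir=$1
    minutes=$2

    # Only absolute paths: a relative path depends on the caller's cwd.
    case $dir in
        /*) ;;
        *) echo "clean_scratch: path must be absolute: $dir" >&2; return 2 ;;
    esac

    # If the directory was swapped for a symlink, the delete would be
    # redirected to wherever the link points, so refuse it.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "clean_scratch: not a real directory: $dir" >&2
        return 2
    fi

    # The age must be a plain non-negative integer (minutes).
    case $minutes in
        ''|*[!0-9]*) echo "clean_scratch: bad age: $minutes" >&2; return 2 ;;
    esac

    # -xdev    : do not cross into other mounted filesystems
    # -type f  : regular files only; symlinks planted inside the
    #            directory are neither followed nor matched
    # no -name : files without a dot in their name are removed too
    # One "x" line is printed per successful rm, then counted.
    find "$dir" -xdev -type f -mmin +"$minutes" \
        -exec rm -f -- {} \; -exec printf 'x\n' \; | wc -l | tr -d ' '
}
```

Because the directory stays world-writable, a file dropped just after a run can still live for up to the full age limit plus the interval between runs.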
