Showing posts from February, 2007
Story of a website being hacked

Hosting a website at home is one thing, but hosting one on the live internet is a whole different ballgame. Yesterday, I decided to expose one of my Xen virtual machines at home to the internet just to see if it works. I wasn't expecting to be hacked in less than an hour, though, with just 2 ports open. It brought down my JBoss server (did a security no-no by running as root - hey, I was running it on XP before! :-), no ssh access etc. It helped that it was a Xen guest; I deleted the disk image and restored my backup. I just had to have more control if someone did attempt to break in again. So, I put the machine back live again with more security tools & help from Google. E.g. Apache with mod_jk instead of JBoss, host FW rules in addition to h/w firewall rules, Snort with up-to-date rules, did a portscan with nmap, chkrootkit, backed up the system profile with Tripwire and checks running every hour with automatic emails to me. I thought this was a good s