2M New Websites a Year Compromised To Serve Malware 72
SkiifGeek writes "Sophos claims that they are detecting 6,000 new sites daily that have been compromised to serve malware to unsuspecting site visitors, with 80% of site owners not aware that they have been compromised — though this figure is probably on the low side. With increasingly vocal arguments being put forward by security experts criticizing the performance and capability of site validation tools (though many of these experts offer their own tools and services for similar capabilities), and rising levels of blended attacks, perhaps it is time you reviewed the security of your site and what might be hiding in infrequently used directories."
Just check your access logs (Score:1, Informative)
my 2 cents...
Re:How to Check a LAMP Server? (Score:5, Informative)
Might not be the best solution but it should be easy to implement. Larger sites can do incremental scans. It would be harder to detect corruption of databases, though, unless you know what to look for or have a concrete way of validating the contents.
=Smidge=
Re:How to Check a LAMP Server? (Score:2, Informative)
You're right that it won't help you detect that somebody has managed to insert a chunk of javascript or PHP in your insecure mySQL/PHP web app, though. Perhaps a combination of Snort, Ntop (if it wasn't shit), a "hardened" PHP binary and config, and log monitoring would alert you in the case of an attack.
The problem is that there's a lot of badly written or out of date software out there that can be exploited, even without discovering new holes. If you're running this sort of thing and making it publicly accessible over the net, somebody is going to take advantage of it.
Re:KDAWSON--Please, please read this and respond (Score:3, Informative)
Re:How to Check a LAMP Server? (Score:1, Informative)
http://radmind.org/ [radmind.org]
Re:How to Check a LAMP Server? (Score:2, Informative)
Congratulations! You have just described Tripwire [sourceforge.net].
Radmind (Score:2, Informative)