Be sure to install mod_security on Apache; it helps a lot. It is important to know how it got compromised so that you don't move that to the new system. Common methods are SQL injection and using pages with poor input validation to run external code. I don't know how big your databases are, but it's a good idea to dump them to text and skim through them for unusual text with backticks (`), @, $, readfile, exec, etc. that get rendered by the front end as code in poorly written pages. Also look in your Apache logs; you will usually find it there also.
Don't trust any code on your front end; install vanilla versions of them and re-implement any mods you've made (makes it REALLY obvious how important adequate documentation is). It looks like you'll really need to scrutinize the mason-cm code.
Good luck.
JD
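One way to do the dump review suggested in the reply above, as an added example that is not code from the thread: it checks only string values inside INSERT statements, because mysqldump wraps every identifier in backticks and a plain text search would flag every line. The narrowed patterns for `@` and `$`, the table names and the sample rows are constructed assumptions.

```python
import re

# Single-quoted SQL string literal, allowing \' and '' escapes
# (the form used by mysqldump and by pg_dump --inserts).
STRING_LITERAL = re.compile(r"'((?:[^'\\]|\\.|'')*)'", re.S)
TABLE = re.compile(r"INSERT INTO\s+[`\"]?([\w.]+)", re.I)

# Tokens named in the reply. '@' and '$' are narrowed (an assumption made
# here) so e-mail addresses and prices do not drown out real hits.
SUSPICIOUS = {
    "backtick": re.compile(r"`[^`]+`"),
    "php-variable": re.compile(r"\$_?[A-Za-z_]\w*"),
    "at-suppressed-call": re.compile(r"@\s*[A-Za-z_]\w*\s*\("),
    "function-call": re.compile(r"\b(readfile|exec)\s*\(", re.I),
}

def scan_dump(lines):
    """Return (line number, table, matched pattern names, value excerpt)."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = TABLE.search(line)
        if not m:
            continue  # schema, comments and SET statements hold no row data
        for lit in STRING_LITERAL.finditer(line[m.end():]):
            value = lit.group(1)
            hits = sorted(n for n, rx in SUSPICIOUS.items() if rx.search(value))
            if hits:
                findings.append((lineno, m.group(1), hits, value[:60]))
    return findings

# Constructed sample dump: two clean rows, one row holding code, and one row
# with a harmless '$' next to a backtick-quoted command.
SAMPLE_DUMP = r"""INSERT INTO `users` VALUES (1,'alice','alice@example.org');
INSERT INTO `node_revisions` VALUES (7,'About us','<p>Welcome</p>');
INSERT INTO `node_revisions` VALUES (8,'Contact','<?php @exec($cmd); ?>');
INSERT INTO `comments` VALUES (3,'It''s fine, costs $5','see `ls` output');
""".splitlines()

if __name__ == "__main__":
    for lineno, table, hits, excerpt in scan_dump(SAMPLE_DUMP):
        print(f"line {lineno} table {table}: {', '.join(hits)} -> {excerpt}")
```

Every hit still needs a manual look at the row in context, since legitimate content such as code snippets in forum posts will match too.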
On Tue, Jun 14, 2011 at 22:41, Steve Phariss <sphariss@gmail.com> wrote:
I may have a job putting a compromised system back into production (actually we are moving them from Ubuntu to a RHEL VM...)
I am still lacking some details but they are running Apache, MySQL AND Postgres, Drupal, and something called Mason-CM. I am not sure why the two DBs but if there is not a good reason I will move them off of one or the other.
Anyone have any good docs on securing Apache, Drupal, the DBs, or Mason-CM?
Thanks
Steve
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss