moose-en-a-gant

How do you know if you've been breached?


I've recently started tracking visitors, simple incrementers on load that gather IP address and webpage.

For the most part they are bots, but I've been seeing the webpages they are trying to access, many of which don't exist, but they have me concerned.

Man, I can't believe this thing is targeting the server so much, and this is only today that I've begun gathering data.

I've had this server online for at least a month now.

http://my-ip:80/script

http://my-ip:80/jenkins/script

http://my-ip:80/login

http://my-ip:80/jmx-console

http://my-ip:80/manager/html

http://my-ip:80/msd

http://my-ip:80/mySqlDumper

http://my-ip:80/msd1.24stable

http://my-ip:80/msd1.24.4

So... how do I know when I am no longer safe? What is safe anyway?

I have the IPs and I've looked them up on IP lookup websites.

I suppose I ought to do a pattern recognition thing: IPs looking for this sort of thing are automatically blocked.

I'd appreciate any thoughts regarding this situation.

How do you block an IP anyway?

Do something like "If this IP, exit();"?

Edited by moose-en-a-gant


That's very normal for a website. It's a malicious bot trying to find common weaknesses in your app. No point in blocking it really. There are thousands out there roaming the net looking for vulnerabilities in websites. This is why we stress security and building secure apps so much around here.

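The "pattern recognition" idea raised above, sketched as an added example (not code from anyone in this thread): it reads access-log lines, counts requests for the probe paths listed in the first post, and separates probes that got an error status from probes the server actually answered. The log format (Apache/nginx common log), the sample lines and the function names are assumptions.

```python
import re
from collections import defaultdict

# Probe paths from the first post, lower-cased. Drop any path your own
# site really serves (e.g. /login), or it will always show as "answered".
PROBE_PATHS = ("/script", "/jenkins/script", "/login", "/jmx-console",
               "/manager/html", "/msd", "/mysqldumper",
               "/msd1.24stable", "/msd1.24.4")

# Assumed format: ip - - [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def is_probe(path):
    """Match whole path segments so /scripts/app.js is not taken for /script."""
    path = path.split("?", 1)[0].rstrip("/").lower()
    return any(path == p or path.startswith(p + "/") for p in PROBE_PATHS)

def triage(lines):
    """Return {ip: {"probes": n, "answered": [(path, status), ...]}}."""
    report = defaultdict(lambda: {"probes": 0, "answered": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_probe(m.group(2)):
            continue
        ip, path, status = m.groups()
        report[ip]["probes"] += 1
        # Anything other than "forbidden / not found / gone" means the path
        # exists on this server and needs a manual look.
        if status not in ("403", "404", "410"):
            report[ip]["answered"].append((path, int(status)))
    return dict(report)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2016:10:00:01 +0000] "GET /jenkins/script HTTP/1.1" 404 209',
    '203.0.113.7 - - [01/Jan/2016:10:00:02 +0000] "GET /msd1.24stable HTTP/1.1" 404 209',
    '203.0.113.7 - - [01/Jan/2016:10:00:03 +0000] "GET /manager/html HTTP/1.1" 404 209',
    '198.51.100.9 - - [01/Jan/2016:10:05:00 +0000] "GET /mySqlDumper/ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2016:10:06:00 +0000] "GET /scripts/app.js HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        flag = "REVIEW" if info["answered"] else "noise"
        print(ip, info["probes"], flag, info["answered"])
```

An IP whose probes all ended in 404 is the background scanning described in the reply above; an entry under "answered" means one of those tools or consoles is reachable on the server and should be checked or removed.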

How do you know if it is secure?

I was looking at some pages.

It would be nice to have a weekly or even daily export at a certain time of databases and storing of source code.

http://stackoverflow.com/questions/134906/how-do-i-list-all-cron-jobs-for-all-users

http://kb.mediatemple.net/questions/1577/Working+with+a+hacked+or+compromised+server#gs

I imagine even if you did something like live output of the server processes, not just the 1 min, 5 min, 15 min thing, somehow something can get by undetected.

There is so much to cover.

Anyway, thanks for your response. More to add to the to-learn list.
