By Paul Tero CHAPTER 8Security Issues
By this point, you should have some HTML reaching your browser. If it’s
not what you expect, then there’s a chance that your website has been
compromised. Don’t take it personally (at first). There are many types of
hacks and most of them are automated. Someone clever but unscrupulous
has written a program which detects vulnerabilities and exploits them.
The purpose of the exploit may simply be to send spam, or to use your
server as part of a larger attack on a more specific target (a DDoS).
SeRveR haCKS
Operating systems are very complex pieces of software. They may be built
from millions of lines of programming code. They are quite likely to have
loopholes where sending the wrong message at just the wrong time will
cause some kind of blip which allows someone or something to gain entry.
That’s why Microsoft, Apple, Ubuntu and others are constantly releasing
updates.
Similarly, Apache, nginx, IIS and all the other software on a typical
server is complicated. The best thing you can do is keep it up to date with
the latest patches. Most good hosts will do this for you.
A hacker can use these flaws to log in to your server and engineer
themselves a terminal session. They may initially gain access as an
unprivileged user and then try a further hack to become the root user. You
should make this as hard as possible by using good passwords, restrictive
permissions, and being careful to run software (like Apache) as an
unprivileged user.
If someone does gain access, they may leave behind a bit of software
which they can later use to take control of your server. This may be
detectable by an anti-virus scanner or something like the Rootkit Hunter,
which looks for anomalies like unexpected hidden files. But there are also a
few things you can do if you suspect an intrusion.