I've experienced a server intrusion that I can pin down to a five-day
period, so far. The perp altered robots.txt and changed the intrasite
search engine to search the competitor's site. This had a terrible
impact on search engine ranking, of course.
This is an updated Fedora Linux server. I'm publishing mostly with
FrontPage, but there is also FTP access going on to set up a phpBB2
bulletin board, and other occasional accesses, usually using WS_FTP. I
will go ahead with learning about and instituting some of the safety
precautions described here:
http://answers.google.com/answers/threadview?id=166896, especially the
answers from owain-ga and eiffel-ga.
My questions (which are also posted as a fresh, pay-for-answer question):
1. Does FrontPage have similar password-hacking vulnerabilities?
2. Do I have hope of learning the IP address or other partial identity
of the hacker? Are there investigators recommended who do this
professionally? I can narrow down my suspicion about who it was
pretty easily.
3. Is it worthwhile reporting the criminal intrusion, and if so, to whom?
4. I have looked for other security and monitoring software, and have
found Snort and Snorter. Are these recommended? http://www.snort.org/
Also Tripwire: http://www.linuxsecurity.com/content/view/110291/65/
5. What other files might have been vandalized by my competitor on my
server to prevent its being promoted? The site has just about
disappeared from search engine results now, 20 days after the
attack.
The FTP logs on the server, furnished by my server administrator, have
been of little use so far.
On the matter of civil litigation, the dollar value of damage is not
huge, this being a site for a non-profit group. However, the
suspected perpetrator belongs to a major law informatics website (!)
so that the cost to them of a public conviction would be staggering.
Financing an investigation would be a burden; I am not sure of the
forensic legitimacy of a "bounty hunter" type of operation.
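An added example, not part of the original question or of the Tripwire or Snort projects, showing the kind of file-integrity check that questions 4 and 5 are getting at: hash every file under the web root against a baseline taken from a known-good copy (a backup, or the local FrontPage web), report what was added, removed or modified, and separately list files whose modification time falls inside the suspected five-day window. The web root, file names, contents and timestamps below are all constructed for the example; the "intrusion" (robots.txt rewritten, search.php redirected, a file dropped into phpbb2/) mirrors what the post describes, but nothing here is taken from the real server.

```python
"""Tripwire-style integrity check, written for this example (not the page's
or Tripwire's own code). The sample web root is built in a temp directory."""
import hashlib
import os
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large uploads don't sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Files added, removed, or whose content hash differs from the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(f for f in baseline
                           if f in current and baseline[f] != current[f]),
    }


def files_touched_between(root: Path, start: float, end: float) -> list:
    """Files whose mtime lies in [start, end] (Unix epoch seconds).

    Caveat: mtime can be reset by whoever wrote the file (touch -r), so treat
    this list as a lead, not proof. ctime (st_ctime) cannot be set from
    userland and is worth comparing as well on a real investigation."""
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and start <= p.stat().st_mtime <= end:
            hits.append(p.relative_to(root).as_posix())
    return hits


def demo() -> dict:
    """Constructed scenario: baseline before the window, tampering inside it."""
    now = time.time()
    day = 86400
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "robots.txt").write_text("User-agent: *\nAllow: /\n")
        (root / "index.html").write_text("<html>home</html>\n")
        (root / "search.php").write_text("<?php // site search ?>\n")
        # Known-good copy, dated 30 days back (before the intrusion window).
        for name in ("robots.txt", "index.html", "search.php"):
            os.utime(root / name, (now - 30 * day, now - 30 * day))
        baseline = build_manifest(root)

        # Constructed intrusion: robots.txt blocks crawlers, search is
        # redirected elsewhere, and a new file is dropped into phpbb2/.
        (root / "robots.txt").write_text("User-agent: *\nDisallow: /\n")
        (root / "search.php").write_text(
            "<?php header('Location: http://competitor.example/'); ?>\n")
        (root / "phpbb2").mkdir()
        (root / "phpbb2" / "config.php").write_text("<?php // dropped ?>\n")
        # Tampered files carry timestamps two days ago, inside a 5-day window.
        for name in ("robots.txt", "search.php", "phpbb2/config.php"):
            os.utime(root / name, (now - 2 * day, now - 2 * day))

        current = build_manifest(root)
        return {
            "diff": diff_manifests(baseline, current),
            "touched": files_touched_between(root, now - 5 * day, now),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Run the comparison on an offline copy of the server, not the live box, and take the baseline from the oldest trustworthy copy available; a baseline captured after the intrusion will happily report the tampered files as "unchanged". On the server itself, GNU find's `-newermt` option does the same time-window listing from the shell.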