From: John Klassa (klassa@ipass.net)
Date: Tue May 30 2000 - 17:31:40 PDT
I do some consulting on the side for a small shop that does
custom web sites for people. They employ the services of a
web hosting company to handle the server end of things.
Recently, the web hosting company's machines were cracked.
Somebody got in and changed files so that all of the hosted
web sites displayed a "you've been cracked" page. The web
hosting company claimed to have fixed the leaks... Yet,
last night, the machines were cracked again.
The company for which I consult is, obviously, a bit peeved
and a bit nervous about the state of their system and its
outlook for remaining crack-free (as it were). They asked
me to look into things, and to sweep the system to see if
any trojan horses and the like had been installed.
I know very little about Unix system security (in particular,
I know very little about common exploits, nor do I know much
about the kinds of things that are commonly done to systems
to keep them compromised once compromised the first time).
What I need is to find someone I can trust (i.e. one of you,
or perhaps someone you know :-)), who's good at this sort of
thing, who'd be willing to take a look at their site and
evaluate its goodness/badness with repect to security, stuff
left behind to make re-entry easier and so forth. For pay,
obviously.
If interested, or if you know of someone who's interested,
let me know. I've been working with this client for a while --
they're good, decent people... I can vouch for them, and I'd
like to be able to recommend someone who I can likewise vouch
for. :-)
Thanks,
John
-- John Klassa / $perl_monger{Raleigh}[0] / <><
This archive was generated by hypermail 2b29 : Tue May 30 2000 - 17:34:54 PDT