Hi, the following post is a forward of an email by Fergie to funsec. This
story by itself is not relevant to NANOG, but it does illustrate a problem
nearly all of us have been facing. Mass exploitation of servers in our
nets, colos and hosting farms.
Nearly every (relevant, not, say, just a transit one) ISP I spoke to
globally has this problem.
With thousands of sites on every server and virtual machines everywhere,
all it takes is one insecure web application such as xxxBB or PHPxx for
the server to be remote accessed, and for a remote connect-back shell to
be installed. The rest is history.
This is often soon followed by masses of defacements, spam, bots, DDoS,
etc.
We all (well, never say all, every, never, ever, etc.), many of us face
this. What solutions have you found?
Some solutions I heard used, or utilized:
1. Remote scanning of web servers.
2. Much stronger security enforcement on servers.
3. "Quietly patching" user web applications without permission.
4. JGH - Just getting hacked.
What have you encountered? What have you done, sorry, heard of someone
else do, to combat this very difficult problem on your networks?
The whole business of this hosting is the low cost, and everyone wastes
countless man-hours on killing fires.
This is not about BGP, but it is an operational problem that bugs us,
operators.
Thanks,
Gadi.
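An added example, not from Gadi's post or the thread, of the detection side of this: a Python heuristic that flags shell-like processes running as, or under, the web server while holding an outbound established connection, which is the footprint the connect-back shell he describes leaves on a host. The process and socket records are constructed sample data, and the web-server account and process names are assumptions for a typical Linux host.

```python
from collections import namedtuple

# Process record (as from `ps -eo pid,ppid,user,comm`) and an ESTABLISHED
# TCP socket record (as from `ss -tnp`): owning pid, local port, remote end.
Proc = namedtuple("Proc", "pid ppid user comm")
Conn = namedtuple("Conn", "pid local_port peer")

WEB_USERS = {"www-data", "apache", "nobody"}          # assumed service accounts
WEB_SERVERS = {"apache2", "httpd", "nginx", "php-fpm"}  # assumed server binaries
SHELL_LIKE = {"sh", "bash", "dash", "perl", "python", "python3", "nc", "ncat"}
EPHEMERAL_LOW = 32768  # Linux default: outbound connect() gets a port >= this

def has_web_server_ancestor(pid, by_pid):
    # Walk up the ppid chain; stop on an unknown pid or a cycle.
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        parent = by_pid[pid].ppid
        if parent in by_pid and by_pid[parent].comm in WEB_SERVERS:
            return True
        pid = parent
    return False

def find_connect_back(procs, conns):
    """Return (pid, comm, user, peer) for shell-like processes that run as, or
    under, the web server and hold an outbound established connection."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for c in conns:
        p = by_pid.get(c.pid)
        if p is None or p.comm not in SHELL_LIKE:
            continue
        if c.local_port < EPHEMERAL_LOW:
            continue  # low local port: this side accepted the connection
        if p.user in WEB_USERS or has_web_server_ancestor(p.pid, by_pid):
            hits.append((p.pid, p.comm, p.user, c.peer))
    return hits

# Constructed sample: apache2 worker 801 spawned sh 1234 through a web app and
# sh dialled out; php-fpm's DB connection and an admin's script are benign.
SAMPLE_PROCS = [Proc(1, 0, "root", "init"), Proc(800, 1, "root", "apache2"),
                Proc(801, 800, "www-data", "apache2"), Proc(1234, 801, "www-data", "sh"),
                Proc(1300, 1, "www-data", "php-fpm"), Proc(2000, 1, "admin", "python3")]
SAMPLE_CONNS = [Conn(1234, 51234, "198.51.100.7:8080"),
                Conn(1300, 51300, "10.0.0.5:3306"), Conn(2000, 51001, "10.0.0.9:443")]

if __name__ == "__main__":
    for hit in find_connect_back(SAMPLE_PROCS, SAMPLE_CONNS):
        print("suspect connect-back shell:", hit)
```

The ephemeral-port test is only a proxy for connection direction; on a host where the web server itself legitimately shells out, tune SHELL_LIKE and WEB_SERVERS to that host's baseline.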