"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid." – Albert Einstein

Remote Intrusion

Remote Intrusion: Remote intrusion is a compromise in which the attacker gains full access to your web site and can do anything he wants: delete your pages, modify them, or redirect your users to another location. He can also steal valuable data from your site, such as credit card information and user account details.

If a server has been attacked through remote intrusion, you need to follow these steps and check the following security issues:
1). Check all FTP accounts as well as all shell login accounts.
2). Change the user ID and password for every user on the particular server that was affected by malware or hacked.
3). Do not use dictionary words as passwords for FTP or shell logins.
4). Close any unknown open ports.
5). Run RKhunter to check for rootkits.
6). A dedicated server is the best option to reduce security loopholes.

You can use a few tools to detect remote intrusion:
A). RKhunter: rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known-good ones in an online database, searching for the default directories of rootkits, wrong permissions, hidden files and suspicious strings in kernel modules, and running special tests for Linux and FreeBSD.

B). Rootkit: A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.

Typically, an attacker installs a rootkit on a computer after first obtaining root-level access, either by exploiting a known vulnerability or by obtaining a password (either by cracking the encryption, or through social engineering). Once a rootkit is installed, it allows an attacker to mask the ongoing intrusion and maintain privileged access to the computer by circumventing normal authentication and authorization mechanisms. Although rootkits can serve a variety of ends, they have gained notoriety primarily as malware, hiding applications that appropriate computing resources or steal passwords without the knowledge of administrators and users of affected systems. Rootkits can target firmware, a hypervisor, the kernel, or—most commonly—user-mode applications.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternate, trusted operating system; behavioral-based methods; signature scanning; difference scanning; and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; re-installation of the operating system may be the only alternative.
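The hash comparison described under RKhunter and the "difference scanning" named above amount to the same technique: record a baseline of file digests and permission bits while the system is known-good, then diff the live tree against it. The script below is an added example, not code from this post or from rkhunter; it builds a baseline, then runs the comparison over a constructed temporary directory whose file names and contents are made up for the demo.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # chunked read so large binaries are not loaded whole
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    baseline = {}  # relative path -> (sha256, permission bits); symlinks are skipped
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                baseline[os.path.relpath(path, root)] = (file_digest(path), os.stat(path).st_mode & 0o7777)
    return baseline

def compare_baseline(root, baseline):
    current = build_baseline(root)  # difference scan: live tree versus the stored baseline
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif baseline[rel][0] != current[rel][0]:
            report["modified"].append(rel)
        elif baseline[rel][1] != current[rel][1]:
            report["mode_changed"].append(rel)
    return report

def write(root, rel, data, mode=0o755):
    path = os.path.join(root, rel)  # helper for the constructed demo tree below
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)
def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed stand-in for a system bin directory
        for rel in ("ls", "ps", "netstat", "sbin/sshd"):
            write(root, rel, b"clean " + rel.encode())
        baseline = build_baseline(root)
        write(root, "ps", b"trojaned ps")                   # binary replaced
        write(root, ".dropper", b"payload", 0o700)          # hidden file added
        os.remove(os.path.join(root, "netstat"))            # tool removed
        os.chmod(os.path.join(root, "sbin/sshd"), 0o4755)   # setuid bit added, content unchanged
        return compare_baseline(root, baseline)
```

In real use the baseline must be stored off the host or on read-only media and the comparison run from a trusted boot environment, since a kernel rootkit can lie to any scanner running on the compromised system.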

C). Shell Login Access: A Unix shell is a command-line interpreter that provides the traditional user interface for the Unix operating system and for Unix-like systems. Users direct the operation of the computer by entering commands as text for the command-line interpreter to execute, or by writing text scripts of one or more such commands.

If any user login account has a dictionary-style password (for example, a password that is the same as the user name, or differs from the user ID only slightly), a hacker can gain access with full privileges.

D). FTP login: the same considerations as for shell login access apply.
