intranet and some little bastards

**popcorn** · 03-22-2002, 11:37 AM

I've just found out that some of the kids have found one of my web aplications on the intranet, before it's gone live. They gave me a pile of BS about how they found it and them being hackers (they don't even come close to script kiddies).

I'm fairly sure they had just seem the URL over my shoulder when I was showing my line manager my handywork, because it's one of about 5 aplications in the same place and they have only found one (they didn't even find the directory above :

).

Now I'm not worried about them rooting the box or anything, but what i would like is to workout what they're doing and when. Has anyone got any good links to websecurity or any advice?

Thanks

**tolstoy** · 03-22-2002, 11:49 AM

You could try CERT. That's the only place I can think of right now.

http://www.cert.org/nav/index_green.html

**civ1492** · 03-22-2002, 11:58 AM

I know what you mean, I hate such script kiddies ..
why not try some intrusion detection system, like http://www.tripwire.org/ [tripwire] or if you have more than one or two machines to watch you could set up a loghost, so that there is one machine where all the logs get collected.
http://www.dulug.duke.edu/~icon/dulog

**Killer_Penguin** · 03-22-2002, 12:53 PM

or use .htaccess files to keep unwanted people out until you are ready to go live?

**popcorn** · 03-22-2002, 01:27 PM

Thanks,

I'm looking into all your suggestions.

I guess I'm just a little worried one or two of them know more than I give them credit for and and just falling back on my maxim "Prepare for the worst, hope for the best". (That and it'll give me an excuse to study security during work hours *

)

**stryder144** · 03-22-2002, 01:57 PM

(That and it'll give me an excuse to study security during work hours *

)

Hey, if it wasn't for work, I wouldn't be as well-read as I am

! I have to be here for twelve hours (with maybe two hours worth of work to accomplish between two people), so I might as well do something interesting, like read.

**Compunuts** · 03-23-2002, 02:48 AM

or use .htaccess files to keep unwanted people out until you are ready to go live?

I agree. Rather than looking for others, why not use built-in tool that you've already got??

**Vagrant** · 03-23-2002, 06:40 AM

http://www.linuxsecurity.com is a good site, I recommend it .. lots of info there .. Also check out PacketStorm, links are provided on LinuxSecurity.com .. good luck ..
*Vagrant