Don’t Forget To Do A Spring Clean On Your Server

Filed under Server Tips | Posted by Gary

Over time some of us tend to get a collection of scripts on our servers that we don’t use. It may be a script that you were testing, something you wanted to check out but didn’t use or an old script that was replaced with something else.

I had two incidents this week that related to old scripts. One was a phpBB2 forum. The owner had set this up some time ago (approx. 1 year) but it hadn’t really taken off. He had emailed me that he was continually receiving high CPU load email alerts from his server. When I checked, it was MySQL that was causing the high load. I then had a look with phpMyAdmin and saw that this phpBB database had over 240,000 records in the posts and topics tables and over 1 million records in the ‘words’ database. phpBB has a cron job that builds a database of words and phrases to improve search speed. Because there were so many posts this cron job was taking a long time to run and stressing the CPU a little. The posts were all from automated porn posting ‘bots’ that were just continually adding random pornography related posts. Given that the forum wasn’t getting any real use we simply removed it. It’s not the first time I’ve seen this issue though – forums are a target for automated posters of porn and general spam. If you have set up any forums in the past but didn’t get around to using them, now might be a good time to remove them – they may be causing unnecessary server load.

The second incident was a script that creates online forms. The whole thing was written in PHP and could create a form on-the-fly. The owner started to get hundreds of notifications from this form and didn’t know where the notifications were coming from. A quick text search on the server revealed a directory that had this form script in it. Additionally, there was no default page in that directory (i.e. index.php, index.html) and directory listing was turned on. What that means is that the list of files was there for anyone who discovered the directory. This is a common technique for hackers. If, for example, I know that by default a script that I can exploit is usually installed in /nastyscript/ I could easily set up a spider to check domains for that directory. So there are 3 tips in this instance:

  1. Remove your old scripts.
  2. Always have a default file or turn off directory indexing on your server.
  3. Don’t install to the standard directory for a script. In the example above it would have been better to install to something like /nastyscript_131/ or something similarly random.
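To apply tips 1 and 2 across a whole web root, the following audit lists directories that would show a file listing and PHP scripts untouched for over a year. It is an added example, not code from the original post, and it assumes an Apache-style setup where `Options -Indexes` in a `.htaccess` file disables listing, that indexing is on at the server level unless overridden, the index file names shown, and a 365-day staleness threshold; the sample tree is constructed.

```python
import os
import re
import tempfile
import time

INDEX_FILES = {"index.php", "index.html", "index.htm"}  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^\s*Options\s+(.*)$", re.IGNORECASE | re.MULTILINE)

def htaccess_indexes(directory):
    """Return True/False if this directory's .htaccess sets Indexes, else None."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            tokens = " ".join(OPTIONS_RE.findall(fh.read())).lower().split()
    except OSError:
        return None
    hits = [t for t in tokens if t.lstrip("+-") == "indexes"]  # last explicit token wins
    return (hits[-1] != "-indexes") if hits else None

def audit_webroot(root, stale_days=365, server_default=True):
    """Return (listable_dirs, stale_php_scripts), paths relative to root."""
    root = os.path.abspath(root)
    cutoff = time.time() - stale_days * 86400
    inherited, listable, stale = {}, [], []
    for current, _dirs, files in os.walk(root):  # top-down, so parents come first
        own = htaccess_indexes(current)
        parent = inherited.get(os.path.dirname(current), server_default)
        inherited[current] = state = parent if own is None else own
        if state and not INDEX_FILES & {f.lower() for f in files}:
            listable.append(os.path.relpath(current, root))
        for name in files:
            path = os.path.join(current, name)
            if name.lower().endswith(".php") and os.path.getmtime(path) < cutoff:
                stale.append(os.path.relpath(path, root))
    return sorted(listable), sorted(stale)

def demo():
    """Audit a constructed sample tree: {relative path: (age in days, content)}."""
    sample = {"index.html": (1, ""), "forum/index.php": (5, ""), "formscript/form.php": (800, ""),
              "private/data/notes.txt": (1, ""), "private/.htaccess": (1, "Options -Indexes\n")}
    with tempfile.TemporaryDirectory() as base:
        for rel, (age_days, content) in sample.items():
            path = os.path.join(base, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(content)
            os.utime(path, (time.time() - age_days * 86400,) * 2)  # backdate atime and mtime
        return audit_webroot(base)

if __name__ == "__main__":
    print(demo())
```

The audit reads only `.htaccess` files, so a listing disabled in the main server configuration will still be reported unless you pass `server_default=False`.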
