Changes between Version 7 and Version 8 of web-app-security


Ignore:
Timestamp:
Apr 26, 2018, 5:16:07 PM (16 months ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • web-app-security

    v7 v8  
    11= Web Application Security =
     2
     3== Track outgoing connections ==
     4
     5Sometimes a compromise results in code periodically checking in with a control center. Often a abuse reporting site will let us know it's happening and will tell us what the IP address of the control center is.
     6
     7It can still be very difficult to figure out which site and which user is compromised.
     8
     9To help catch this behavior:
     10
     11 * Edit /etc/default/mf-ip-track-outgoing-connections and add the IP address we are looking for.
     12 * Start the service: `systemctl start mf-ip-track-outgoing-connection`
     13 * Check journalctl for hits (`journcalctl -u mf-ip-track-outgoing-connections -f`
     14
     15 *
     16
    217
    318== Control Panel Installation ==