There was a penetration of a server recently that allowed intruders to take control of dozens of websites and e-mail accounts and to obtain SSNs and some credit card numbers. The server was running GNU/Linux and it was compromised in multiple ways:
- no filtering of user input in web forms submitted to PHP,
- using that unfiltered input in shell commands,
- passwords kept in a database in clear text,
- allowing root to log in from the web,
- careless upload script, and
- everything on one server.
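As an added illustration (not code from the post or from the compromised server), here is the pattern behind the first three bullets in PHP: a form parameter dropped straight into a shell command, beside a hardened version that checks the value against an allowlist and escapes it, plus password storage that hashes instead of keeping clear text. The `host` parameter, the `users` table and the function names are assumed for the example.

```php
<?php
// Added example, not from the original post or the compromised server.

// Vulnerable pattern: a web form value used unfiltered in a shell command
// (bullets 1 and 2). Whatever the user typed becomes part of the command line.
function lookupHostInsecure(string $host): string
{
    return (string) shell_exec("host " . $host);
}

// Hardened pattern: reject anything that is not a plausible hostname, then
// escape the value so the shell sees it as one literal argument.
function lookupHostSecure(string $host): ?string
{
    // Allowlist: letters, digits, dots and hyphens only, bounded length.
    if (!preg_match('/^[A-Za-z0-9.-]{1,253}$/', $host)) {
        error_log("rejected host lookup input: " . bin2hex($host)); // detection signal
        return null; // caller answers with a 400, nothing is executed
    }
    return (string) shell_exec('host ' . escapeshellarg($host));
}

// Clear-text passwords (bullet 3): store a salted hash and verify against it.
function storePassword(PDO $db, string $user, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:n, :h)');
    $stmt->execute([':n' => $user, ':h' => $hash]);
}

function checkPassword(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :n');
    $stmt->execute([':n' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['pw_hash']);
}
```

Better still, avoid the shell entirely: `gethostbyname($host)` answers the same question without spawning a process, and running the web server as an unprivileged user limits what any remaining bug can do.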
The sheriffs claimed nothing was taken, but everything was moved to another server, the attack was repeated, and the data were published. The new server was simply a copy of all the vulnerabilities of the first.
This was a textbook case of how not to secure a server. Putting 58 sites on that server may have been more efficient for the operators, but it also made the intrusion more efficient. The intruders could type a single command and do anything as root. I have put a few servers on the web and I know one should pay attention to dozens of details to prevent this kind of thing from happening. Last year, I put a machine up and I made sure there was nothing on it I could not afford to lose, and I backed it up. I made sure there was nothing on it not needed for the task. Was it invulnerable? Probably not, but there were many layers of defence between it and the stuff I cared about. These guys used this insecure paper bag to manage prisoners, confidential informants, an e-store and other sensitive documents.