Do you have your hosts.allow set for everyone to come in and do whatever the
heck they want?

Look in /etc/hosts.allow. If there's a line in there that says ALL: ALL,
then your server is fair game.  You should limit access to only those
servers outside your own network that need to access the server (this is not
web based access, everyone can still get to your pages; this is ftp, telnet,
etc.).  That is usually enough to stop the pesky newbie hackers trying out
stuff they find on the net.  Another precaution is to go through your secure
log and look for servers you don't normally see access your server.  The
more persistent hackers require you to check your logs normally (which you
should be doing anyway).  If you can trace a hacker back to where they came
from, call the ISP and the FBI.

Chris
-----Original Message-----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, June 08, 1998 7:21 AM
Subject: hacker


>I had the following messages on my daily report for one of my web servers
>today:
>
>Checking Packages...
>changes from previous run...
>---
>1a2
>> ..5.....   /usr/sbin/smbd
>15a17,18
>> ..5.....   /usr/sbin/imapd
>> S.5..UG.   /usr/sbin/named
>18c21
>< .......T c /var/log/mars_nwe.log
>---
>> S.5....T c /var/log/mars_nwe.log
>19a23
>> S.5.....   /bin/netstat
>25a30,31
>> SM5.....   /bin/ps
>> SM5.....   /usr/bin/top
>67a74,75
>> S.5.....   /bin/ls
>> S.5.....   /usr/bin/du
>92c100
>< ......G.   /dev/ttyp1
>---
>> .M...UG.   /dev/ttyp1
>117a126
>> SM5.....   /usr/sbin/in.rshd
>118a128
>> SM5.....   /bin/login
>---
>
>
>I assume this means I have been hacked.  Am I right?  I compared all the
>file sizes to another server and all the files seem to be a bit larger in
>size.  I have copied all the files from the other identical server
>and overwrote the files.  And I changed all the passwords on the system.
>Is there anything else I should do?
>
>Thanks,
>-Bryan Opfer
>
>
>--
>  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
>http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
>         To unsubscribe: mail [EMAIL PROTECTED] with
>                       "unsubscribe" as the Subject.
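
A small triage helper for the package-verification report quoted above, as an added example that is not part of the original thread: it decodes the 8-column attribute strings and lists non-config files whose checksum no longer matches the package database. The column meanings assume the `rpm -V` layout (S, M, 5, D, L, U, G, T); the function names are hypothetical and the sample is a subset of the report lines.

```python
import re

# Assumed rpm -V column order for the 8-character attribute string.
ORDER = "SM5DLUGT"
MEANING = {"S": "size", "M": "mode", "5": "MD5 checksum", "D": "device number",
           "L": "symlink target", "U": "owner", "G": "group", "T": "mtime"}

# "<" or ">" diff marker, attribute string, optional "c" (config file), path.
LINE = re.compile(r"^(?P<side>[<>])\s+(?P<attrs>[SM5DLUGT.]{8})\s+"
                  r"(?:(?P<kind>c)\s+)?(?P<path>/\S+)$")

# Subset of the report lines quoted in the thread, without the e-mail ">" prefix.
SAMPLE = """\
1a2
> ..5.....   /usr/sbin/smbd
18c21
< .......T c /var/log/mars_nwe.log
---
> S.5....T c /var/log/mars_nwe.log
25a30,31
> SM5.....   /bin/ps
92c100
< ......G.   /dev/ttyp1
---
> .M...UG.   /dev/ttyp1
118a128
> SM5.....   /bin/login
"""

def parse_report(text):
    """Decode entries that are new in this run (the '>' side of the diff)."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["side"] != ">":
            continue  # diff hunk headers, '---' separators, previous-run lines
        attrs = m["attrs"]
        # Each letter must sit in its own column, otherwise the line is not trusted.
        if any(ch not in (".", ORDER[i]) for i, ch in enumerate(attrs)):
            continue
        findings.append({"path": m["path"], "config": m["kind"] == "c",
                         "changed": [MEANING[ch] for ch in attrs if ch != "."]})
    return findings

def content_changed_binaries(findings):
    """Non-config files whose checksum differs from the package database."""
    return sorted(f["path"] for f in findings
                  if "MD5 checksum" in f["changed"] and not f["config"])

if __name__ == "__main__":
    for path in content_changed_binaries(parse_report(SAMPLE)):
        print("content differs from package:", path)
```

Config files such as the log are expected to change, so the helper reports them in `parse_report` but leaves them out of the checksum list.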

