On Mon, 8 Jun 1998, Chris Newbill wrote:
> Do you have your hosts.allow set for everyone to come in and do whatever the
> heck they want?
I did, but I don't anymore.
>
> look in /etc/hosts.allow, if there's a line in there that say's ALL: ALL
> Then your server is fair game. You should limit access to only those
> servers outside your own network that need access the server(this is not web
> based access, everyone can still get to your pages) this is ftp, telnet,
> etc. That is usually enough to stop the pesky newbie hackers trying out
> stuff they find on the net. Another precaution is to go through you secure
> log and look for servers you don't normally see access your server. The
> more persistent hackers require you to check your logs normally (which you
> should be doing anyway) if you can trace a hacker back to where they came
> from call the ISP and the FBI.
I will check it out.
Thanks for the help.
-Bryan Opfer
>
> >I had the following messages on my daily report for one of my web servers
> >today:
> >
> >Checking Packages...
> >changes from previous run...
> >---
> >1a2
> >> ..5..... /usr/sbin/smbd
> >15a17,18
> >> ..5..... /usr/sbin/imapd
> >> S.5..UG. /usr/sbin/named
> >18c21
> >< .......T c /var/log/mars_nwe.log
> >---
> >> S.5....T c /var/log/mars_nwe.log
> >19a23
> >> S.5..... /bin/netstat
> >25a30,31
> >> SM5..... /bin/ps
> >> SM5..... /usr/bin/top
> >67a74,75
> >> S.5..... /bin/ls
> >> S.5..... /usr/bin/du
> >92c100
> >< ......G. /dev/ttyp1
> >---
> >> .M...UG. /dev/ttyp1
> >117a126
> >> SM5..... /usr/sbin/in.rshd
> >118a128
> >> SM5..... /bin/login
> >---
> >
> >
> >I assume this means I have been hacked. Am I right? I compared all the
> >file sizes to another server and all the files seem to be a bit larger in
> >size. I have copied all the files from the other identical server
> >and overwrote the files. And I changed all the passwords on the system.
> >Is there anything else I should do?
> >
> >Thanks,
> >-Bryan Opfer
> >
> >
> >--
> > PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> >http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
> > To unsubscribe: mail [EMAIL PROTECTED] with
> > "unsubscribe" as the Subject.
>
>
> --
> PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
> To unsubscribe: mail [EMAIL PROTECTED] with
> "unsubscribe" as the Subject.
>
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
