This makes me wonder... First off, he's running 7.0. Has he or the admin bothered with keeping the machine up to date with errata and security patches? Next, that makes me ask, why AGAIN? Did they not learn anything from the first time? Apparently not, if in fact the intruders got in the same way.
Also, after the first time, how did they handle it? Did they actually reinstall the server from scratch, or did they just reinstall the rpms that were affected?
I think you all have good ideas, so here is my list of things that he must do.
1: format and reinstall this machine
2: install all current patches and errata
3: remove wu-ftpd and install ProFTPD
4: set ProFTPD up to use a chroot jail for all FTP connections
5: ensure that NO anonymous FTP connections are allowed.
6: Only after all this is done, put the machine back on the network with internet access.
Paul Barclay wrote:
Why don't you just use SSH and be done with it!
Why use FTP? So 2 decade ago!
On Thu, 2003-05-29 at 14:56, Joe Giles wrote:
Or, better yet, use an FTP daemon that is secure and not the stock one that comes with RedHat (WU-FTP?) :-P. I use ProFTPD and I have not had one problem as of yet (Knock on Wood), however, I do like the idea of a chroot jail :-D.
Thanks
Joe
On Thu, 2003-05-29 at 05:57, Anthony E. Greene wrote:
On 29-May-2003/16:53 +0530, [EMAIL PROTECTED] wrote:
My server RH 7.0 (soon upgrading to 8) has again been hacked via ftp. It has happened twice and the process is the same. They log in via the ftp (anonymous) user.
Do you really need to allow anonymous FTP from all over the Internet? If you don't need this, then turn it off. If you do need it, then use a chroot jail to minimize the chances for mischief.
Tony
--
Anthony E. Greene <mailto:[EMAIL PROTECTED]>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05
HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>
-- Jeffrey Lane ConnectNC.com / Internet of the Sandhills [EMAIL PROTECTED]
chown -r us:us /yourbase/
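A check for steps 4 and 5 of the list at the top of this thread, as an added example that is not part of any poster's message: it reads a ProFTPD configuration and reports `<Anonymous>` sections and a missing or group-limited `DefaultRoot` (ProFTPD's chroot directive). The function name and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the thread).
WEAK_CONF = """\
ServerName "ftp"
<Anonymous ~ftp>
  User ftp
  UserAlias anonymous ftp
</Anonymous>
"""
HARDENED_CONF = """\
ServerName "ftp"
# Jail every authenticated user in their own home directory.
DefaultRoot ~
"""

SECTION_OPEN = re.compile(r"<\s*(\w+)[^>]*>")
SECTION_CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")

def audit_proftpd(conf_text):
    """Return findings about anonymous access and chroot coverage."""
    findings, stack, jailed_all = [], [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if SECTION_CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            stack.append(opened.group(1).lower())
            if stack[-1] == "anonymous":
                findings.append(f"line {lineno}: <Anonymous> section enables anonymous FTP")
            continue
        words = line.split()
        # Only a DefaultRoot at server level (or in <Global>) covers every login.
        if words[0].lower() == "defaultroot" and all(s == "global" for s in stack):
            if len(words) == 2:
                jailed_all = True
            elif len(words) > 2:
                # A trailing group expression such as "!staff" exempts users.
                expr = " ".join(words[2:])
                findings.append(f"line {lineno}: DefaultRoot limited to group expression {expr!r}")
    if not jailed_all:
        findings.append("no unconditional server-wide DefaultRoot: not every login is chrooted")
    return findings
```

An empty list from `audit_proftpd` means neither problem was found; it does not cover patch level or any other directive.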