Send a mail to abuse@site_name (maybe they will take action), and secure
your server.

Yashodhan Barve
[EMAIL PROTECTED]
tel- 780-412-6985

On Wed, 8 Dec 1999, Jeff Graves wrote:

> I guess there's not too much I can do about someone that hacked me from a 
> dialup account in China, huh?
> 
> -----Original Message-----
> From: Yashodhan Barve [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, December 08, 1999 3:19 PM
> To:   '[EMAIL PROTECTED]'
> Subject:      Re: How to find who own's an IP address WAS: Got hacked, need to 
> make sure it doesn't happen again
> 
> Try
> 
> fwhois [EMAIL PROTECTED]
> 
> Yashodhan Barve
> [EMAIL PROTECTED]
> tel- 780-412-6985
> 
> On Wed, 8 Dec 1999, Jeff Graves wrote:
> 
> > I found the address of someone that was running some services they
> > shouldn't have tried to run. Not only did my mail server get hacked but
> > an attempt was made on my primary DNS server as well. I found an IP that
> > repeatedly tried using telnet and finger as well as ftp. How do I find
> > who owns it? Tried an nslookup with no luck. Tried a ping with no luck.
> > Traceroute turns up a bunch of other IP addresses in that subnet with no
> > domain name. Any ideas?
> >
> > TIA
> > jeff
> >
> > -----Original Message-----
> > From:       Jeff Hogg [SMTP:[EMAIL PROTECTED]]
> > Sent:       Wednesday, December 08, 1999 1:53 PM
> > To: [EMAIL PROTECTED]
> > Subject:    Re: Got hacked, need to make sure it doesn't happen again
> >
> >
> > -----Original Message-----
> > From: Jeff Graves <[EMAIL PROTECTED]>
> > To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
> > Date: Wednesday, December 08, 1999 12:31 PM
> > Subject: Got hacked, need to make sure it doesn't happen again
> >
> >
> > >My mail server got hacked last night. I guess I was asking for it
> > >though. I didn't really do any security checks or close any ports. In
> > >fact I just installed everything and left everything open. At any rate,
> > >I came in this morning and everything wasn't working. I had to reinstall
> > >and setup sendmail and the pop3 service all over again. And add all the
> > >users. It took about 3 hours. I was just wondering if anyone can tell me
> > >what logs I should monitor all the time and what I need to shut off. I
> > >reinstalled the server using the bare minimum. It has sendmail, the
> > >linux kernel, apache, some ftp services, and a couple of other things.
> > >Other than that, it's empty. I needed apache because I want to run some
> > >sort of Internet front end for my users so they can check their mail.
> > >Anyway, I have a few books I'm tearing apart doing everything I can but
> > >I figured first-hand tech knowledge is probably the best advice. Any
> > >help?
> >
> >
> > That had to hurt.. I'm about to open my own site here, and I've been
> > working on learning what you're trying to learn as well.  I don't know
> > enough to be called an expert, but it can't hurt to start somewhere.  I
> > would suggest a careful writing of your hosts.allow and hosts.deny
> > files.  I would also suggest downloading and installing ipchains.  I
> > think you can get an rpm from most redhat mirrors.  I've got an IP
> > masqueraded LAN set up here in my office and have had to apply some
> > security to the linux box I use as a "router".  It's set up with only
> > those services I have a need for.  It has a hosts.deny of ALL:ALL and a
> > hosts.allow of ALL:10.0.0. and ALL:127.0.0.1 to allow the local lan and
> > the localhost to use those services.  I also set up ipchains to do the
> > following:
> >
> > deny all ip forwarding by default.
> > allow ip forwarding for just my local lan
> > I deny all connection attempts coming into my modem.
> >
> > The ipchains rules are fairly simple to use and seem very effective.  I
> > have had no attempts succeed against this system so far.  Hopefully that
> > state will continue.  I think it is a bit harder with a true server
> > where ports need to be open, but you can still restrict entry to just
> > those ports, and stop others from pretending to be a machine on your
> > network.  I hope this helps.  Others will probably add a lot more :)
> >
> > Jeff Hogg
> >
> >
> > --
> > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > as the Subject.
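Added example, not part of the original thread: a small Python check of how the hosts.allow / hosts.deny setup Jeff Hogg describes in the quoted message is evaluated, following the documented hosts_access(5) order (allow first, then deny, otherwise grant). It covers only the ALL wildcard, address prefixes, exact addresses and net/mask patterns; the daemon names and client addresses are constructed for illustration.

```python
import ipaddress

# Constructed rule sets mirroring the thread: hosts.deny of ALL:ALL,
# hosts.allow of ALL:10.0.0. and ALL:127.0.0.1.
HOSTS_ALLOW = ["ALL: 10.0.0.", "ALL: 127.0.0.1"]
HOSTS_DENY = ["ALL: ALL"]

def client_matches(pattern, addr):
    """Match one client pattern against a numeric client address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # address prefix: the trailing dot is required
        return addr.startswith(pattern)
    if "/" in pattern:          # net/mask form, e.g. 10.0.0.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr      # anything else here is an exact string match

def rule_matches(rule, daemon, addr):
    """A rule is 'daemon_list : client_list'; later fields are ignored."""
    daemons, clients = (f.replace(",", " ").split() for f in rule.split(":")[:2])
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(client_matches(c, addr) for c in clients))

def access_granted(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Allow match grants; otherwise a deny match refuses; otherwise grant."""
    if any(rule_matches(r, daemon, addr) for r in allow):
        return True
    if any(rule_matches(r, daemon, addr) for r in deny):
        return False
    return True

if __name__ == "__main__":
    # Constructed clients: LAN host, loopback, look-alike prefix, outside host.
    for addr in ("10.0.0.5", "127.0.0.1", "100.0.0.1", "203.0.113.9"):
        print(addr, "granted" if access_granted("in.telnetd", addr) else "refused")
    # Dropping the trailing dot turns the prefix into an exact string: LAN locked out.
    print(access_granted("in.telnetd", "10.0.0.5", allow=["ALL: 10.0.0"]))
    # With no deny rules, everything falls through to the default grant.
    print(access_granted("in.telnetd", "203.0.113.9", deny=[]))
```

These files only restrict services that are started through tcpd or linked against libwrap; anything else listening on the box still needs packet filtering such as the ipchains rules mentioned in the thread.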