On Wed, Aug 06, 2003 at 05:56:47PM +0200, Thijs Welman wrote:
> Alan James wrote:
> >Maybe they brute forced the root password ? Do you have
> >"PermitRootLogin yes" in sshd_config ?
>
> No, i didn't at that moment. But there's no sign of a successful root
> login. Not in ps aux, not in netstat a
- Original Message -
From: "Thijs Welman" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, August 06, 2003 5:56 PM
Subject: Re: Debian Stable server hacked
> Thanx for the replies so far.
>
[...]
>
> Thought of that myself. Checked the apache logfiles and went through the
> scripts... i don't
- Original Message -
From: "Thijs Welman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 06, 2003 5:56 PM
Subject: Re: Debian Stable server hacked
> Thanx for the replies so far.
>
[...]
>
> Thought of that myself. Checked the apache logfiles and went through the
>
Thanx for the replies so far.
Christian Hammers wrote:
Try "nmap" to see which services are reachable from the network.
Port       State       Service
22/tcp     open        ssh
80/tcp     open        http
443/tcp    open        https
from within the campus network adds:
Port State
Hello,
> Was anyone else logged in at the time? Perhaps one of your admins had a
> weak or compromised password?
Install "johntheripper" if you want to check for weak passwords :D a great
program!
Hobbs.
FOR ALL YOUR UNIX/LINUX QUESTIONS, visit: http://unixforum.co.uk
On Wed, 06 Aug 2003 16:01:39 +0200, Thijs Welman <[EMAIL PROTECTED]>
wrote:
>
>My loganalyzer showed four "Did not receive identification string from
>w.x.y.z" logentries from sshd. This happens all the time and i certainly
>don't check all of them out, but i happen to do so this time.
That's pro
A few thoughts on potential problems:
Thijs Welman wrote:
Unfortunately i don't have the resources to get an IDS system up and
running...
A bare-bones IDS isn't all that extreme to build, especially if you are
only interested in a single network. Debian stable + snort source
package from
Hello
On Wed, Aug 06, 2003 at 04:01:39PM +0200, Thijs Welman wrote:
> I'm puzzled about how they managed to get those processes running (as
> root). There are no local accounts, other than some accounts for the
> sysadmins. Does anyone have any idea how they might have done this?
Most times, serv
Hi,
Last sunday, August 3rd 2003, one of my servers was hacked which i, by
coincidence, was able to catch 'in progress'.
My loganalyzer showed four "Did not receive identification string from
w.x.y.z" logentries from sshd. This happens all the time and i certainly
don't check all of them out, bu
Is anyone planning on porting OpenBSD's pf to Debian?
-
Perry Research, Inc.
5450 Bruce B. Downs Blvd #313
Wesley Chapel, FL 33543
p: 813-864-7659 f: 813-862-2015
http://www.PerryResearch.com/phorum