Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

2005-07-21 Thread Karsten Dambekalns
Hi. On Friday 22 July 2005 00:00, Rob Sims wrote: > On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote: > > way? What is currently possible in that respect on a machine that runs > > ssh, apache, php, exim and nothing else (all as of Debian 3.1)? > > Didn

Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

2005-07-21 Thread Karsten Dambekalns
Hi. On Friday 22 July 2005 00:14, Ulf Harnhammar wrote: > On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote: > > way? What is currently possible in that respect on a machine that runs >

Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

2005-07-21 Thread Karsten Dambekalns
Hi. On Thursday 21 July 2005 22:52, Goswin von Brederlow wrote: > > I don't know which user account got hacked, if this was what has > > happened. > > Did you check the last lock? Maybe the attacker didn't remove the > traces there. He ran the mentioned logclean binary, the content of wtmp is not

Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

2005-07-21 Thread Karsten Dambekalns
Hi. On Thursday 21 July 2005 22:39, Andras Got wrote: > It's important to know whether it's an existing account, imho. Yes. It is, because if it's not, it's not about cracking passwords, but something else. Ugh. > >>Do you use AllowUsers or AllowGroup? > > > > No. I hate to admit I didn't know

Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

2005-07-21 Thread Karsten Dambekalns
Hi. Thanks for your reply! Another question came up here. Is it really likely to be a SSH brute force break in, or could the attacker have been able to log in some other way? What is currently possible in that respect on a machine that runs ssh, apache, php, exim and nothing else (all as of De

Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

2005-07-21 Thread Karsten Dambekalns
Hi. On Thursday 21 July 2005 20:31, Andras Got wrote: > The users, the ones the machines was hacked, were they existing users on > the machine? I don't know which user account got hacked, if this was what has happened. > Do you use AllowUsers or AllowGroup? No. I hate to admit I didn't know tha

Help needed - server hacked twice in three days (and I don't think I'm a newbie)

2005-07-21 Thread Karsten Dambekalns
Hi. A server I take care of has been hacked twice in the last three days. It is running Debian GNU/Linux, obviously. I ask you for advice on how this happened, what happened, and what to do to avoid this. The first hack happened on Tuesday, the machine was running Debian 3.0 plus patches *but*