Was My Brand Spanking New SUSE 9.2 Installation Hacked First 12 Hours Online?
The only services running were Apache2 and SSH, configured out of the box. Firewall configured out of the box. Left the office at 7:30 pm.
From home, I logged in via ssh. That was about 9:30 pm.
This morning tried to log in from home (about 8 am) but ssh connection refused.
When I arrived in the office (about 9 am) I inspected the box and found very little to suggest an intrusion. A couple of clues/curiosities.
There was one entry in the httpd log in the middle of the night.
A whole bunch of entries in message and warning log written by postfix indicating that postfix not running.
Most curious of all is that when I tried to create files as root, I learned that the system was read-only. I tried to create a file in the "/root" and "/" file systems.
Does any of this mean anything to anybody?
On Wednesday 22 June 2005 09:56, Paul Grope wrote:
> The only services running were Apache2 and SSH, configured out of the box.
> Firewall configured out of the box.
> Left the office at 7:30 pm.
> From home, I logged in via ssh. That was about 9:30 pm.
> This morning tried to log in from home (about 8 am) but ssh connection refused.
> When I arrived in the office (about 9 am) I inspected the box and found very little to suggest an intrusion. A couple of clues/curiosities.
> There was one entry in the httpd log in the middle of the night.
> A whole bunch of entries in message and warning log written by postfix indicating that postfix not running.
> Most curious of all is that when I tried to create files as root, I learned that the system was read-only. I tried to create a file in the "/root" and "/" file systems.
> Does any of this mean anything to anybody?
What exactly is in the log? How big is it? How big is root? /var?
Your system probably wasn't broken into. There's probably something wrong. What does df tell you?
--
Regards,
Steven