Mailinglist Archive: opensuse (3666 mails)

Re: [SLE] My server got hacked? Anyone seen this?
  • From: Allen <gorebofh@xxxxxxxxxxx>
  • Date: Thu, 10 Mar 2005 23:35:45 -0500
  • Message-id: <20050311043545.GD29886@xxxxxxxxxxxxxxxxxxxxxx>
On Thu, Mar 10, 2005 at 01:35:19PM -0600, Henry Tang wrote:
> Thanks a lot for the info.
>
> I will run that.. I looked at my mail log and only two emails were sent
> out, and both got bounced, unless the mail log got cleaned. Luckily this
> is just some home server for fun, so nothing important, but would like
> to figure out what happened.
>
> henry
>
> Randall R Schulz wrote:
>
> >Henry,
> >
> >On Thursday 10 March 2005 11:18, Henry Tang wrote:
> >
> >
> >>The example I gave is bad. It is more like this
> >>
> >>http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-06/0473.html
> >>
> >>I didn't want to post the email my server was trying to send out
> >>because it includes the /etc/passwd file so I posted examples I found
> >>on the net. Apparently root tried to send out a couple of emails to
> >>unknown users of yahoo and other email addresses as well. The email was
> >>bounced and that is how I found out. :( I am not in the competition.
> >>:(

LOL, ummm, when a mail tries sending the passwd file to another mail
addy.... I think it's time to learn a little about security.

First, is the machine updated when patches get released? Is the firewall
up?

Are you running services you don't actually need? Those are my first guess.

Next up:

Do you run as root a lot?

This is the most common problem for home users.

Next up, start looking in /dev, could be hidden things there. But I only
recommend this if you are positive you won't screw up.

> >>
> >
> >
> >Are you running RootKit Hunter? If not, you should. You stand a good
> >chance of knowing promptly when someone has established a toehold on
> >your system.
> >
> >One regular participant here, Patrick Shanahan, kindly provides
> >up-to-date builds in RPM form.
> >
> >To wit:
> >
> >-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
> >On Tuesday 22 February 2005 05:21, Patrick Shanahan wrote:
> >
> >
> >>rkhunter-1.2.1-1.noarch.rpm is available for download:
> >> http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.noarch.rpm
> >> http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.src.rpm
> >> http://wahoo.no-ip.org/~pat/rkhunter-1.2.1.tar.gz
> >>
> >>Project description:
> >>Rootkit Hunter scans files and systems for known and unknown
> >>rootkits, backdoors, and sniffers. The package contains one shell
> >>script, a few text-based databases, and optional Perl modules. It
> >>should run on almost every Unix clone.
> >>
> >>The changes in this release are as follows:
> >>This release adds support for Mandrake 8.1, FreeBSD 5.3, and
> >>Slackware 10.1. It has support for Fink, updated MD5 hashes, updated
> >>packages, improved logging, improved output, and several bugfixes.
> >>
> >>Release focus:
> >>5 - Minor feature enhancements
> >>
> >>Changelog
> >>Below is the changelog of Rootkit Hunter. It will contain changes of
> >>early released versions and the active development version.
> >>
> >>
> >>Current public version: 1.2.1
> >>Current development version: 1.2.2 (not available yet)
> >>
> >>
> >-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
> >
> >
> >To find the full post, search for the subject "[SLE]
> >rkhunter-1.2.1-1.noarch.rpm available" in the February 2005 archive.
> >
> >
> >
> >
> >>...
> >>henry
> >>
> >>
> >
> >
> >Randall Schulz
> >
> >
> >
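The /dev check suggested in the reply above, as an added example that is not part of the original message and is not rkhunter's code: a read-only scan for regular files and dot-prefixed names under a device directory. The function name `scan_dev` and the `shm`/`mqueue` skip list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only check of a device directory for entries that
# do not belong there. Findings are leads to investigate, not proof.
# Usage: scan_dev /dev   (run as root so no subdirectory is skipped)
# Output: one "KIND<TAB>PATH" line per finding.

scan_dev() {
    dir=${1:-/dev}

    # 1. Regular files. /dev normally holds device nodes, symlinks,
    #    sockets, FIFOs and directories, so a plain file deserves a look.
    #    shm and mqueue legitimately hold regular files and are skipped
    #    (assumed skip list; adjust for your distribution).
    find "$dir" \( -path "$dir/shm" -o -path "$dir/mqueue" \) -prune \
        -o -type f -exec printf 'regular-file\t%s\n' {} + 2>/dev/null

    # 2. Dot-prefixed names of any type ("...", ".. ", ".lib"), which
    #    a plain "ls" does not show.
    find "$dir" \( -path "$dir/shm" -o -path "$dir/mqueue" \) -prune \
        -o ! -path "$dir" -name '.*' \
        -exec printf 'hidden-name\t%s\n' {} + 2>/dev/null
}
```

On a machine that may already be compromised, the installed `find` cannot be trusted, so run the check from rescue media against the mounted disk and compare any finding with what the distribution's packages actually ship.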
