Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
Re: [SLE] My server got hacked? Anyoen seem this?
  • From: Anders Johansson <andjoh@xxxxxxxxxx>
  • Date: Thu, 10 Mar 2005 20:31:54 +0100
  • Message-id: <200503102031.54749.andjoh@xxxxxxxxxx>
On Thursday 10 March 2005 20:18, Henry Tang wrote:
> The example i gave is bad. It is more like this
>
> http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-06/0473.htm
>l
>
> I didn't want to post the email my server was trying to send out because
> it includes the /etc/passwd file so I posted examples i found on the
> net. Apprently root tried to send out couple of emails to unknown users
> of yahoo and other email address as well. The email was bounced and that
> is how i found out. :( I am not in the competition. :(

And is your machine a red hat machine?

If your machine tries to send out that email, then it does indeed look like
you have been hacked. The information you give isn't nearly enough to say how
it was done though.

What OS is the machine running? Is it patched with all available security
updates? Which services are you running on it?

Since the mail was never sent I suspect it hasn't been "owned", but just
caught by an automated script of some description. I would hazard a guess
that the log files haven't been cleaned, so you should still be able to find
traces of how they got in through them.

If this machine is in production use, I would recommend that you let someone
look at it who knows about security.

< Previous Next >
Follow Ups