Sander van Vugt wrote:
Sorry, but this isn't the answer I hoped for. When someone comes into my house, because I left the front-door wide-open, I know the cause (front-door wide open), the weak spot (it was open) and the results (credit cards etc. gone). In this case anyone knows exactly that the weak spot is my door being open. It isn't obvious to me that my being logged in as root is a weak spot.

Oh, you want a technical answer... Do a ps aux from the command line or use KTop to look at all of the services you have running on your box. Do you see a couple of services marked 'httpd'? That is the http daemon, which is running in memory and has attached itself to port 80 and listens for clients on that port. (You can view /etc/services to see all the port numbers and what services are attached to them.)

Some pimple-faced anti-social script kiddie downloads some 'tools' from a cracker site and runs them. He scans the ports on your box and makes connections with your port 80. Or perhaps your ftpd port. Then he transfers some trojan software to your box and runs it. Or, he opens up a remote terminal on your box. You are running as root, so that means he is too. If you were running as a user the cracker would have to try and break into the root account in order to take over your box. That is above the abilities of most script-kiddies. Failing that, the best the script-kiddie can do is destroy your account and account files, after he robs you blind.

The trojan software, usually with names identical to Linux system utilities like 'ls', will do what you would think 'ls' would do, but it has additional capabilities: emailing your password file back to the script-kiddie, stealing your personal info, or just doing malicious damage. Do you have cookies in your netscape subdirectory that perhaps contain your credit card numbers?

Well, I hope you get the idea. Never run your system as root, even if you never connect to the internet... remember Jon's story of the tired user who executes the rm command and blows his entire directory structure away?

JLK
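
The `ps aux` check from the reply above, as an added example that is not part of the original post: it reads `ps aux` output and reports which account each named daemon runs under, since that account sets what a compromised service can touch. The sample process list, the `wwwrun` account and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise which account each named daemon runs as.

# Constructed sample of `ps aux` output (not taken from a real host).
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   1120   480 ?        S    09:00   0:03 init
root       412  0.0  0.4   2540  1100 ?        S    09:01   0:00 /usr/sbin/httpd -f /etc/httpd/httpd.conf
wwwrun     431  0.0  0.4   2600  1180 ?        S    09:01   0:00 /usr/sbin/httpd -f /etc/httpd/httpd.conf
wwwrun     432  0.0  0.4   2600  1176 ?        S    09:01   0:00 /usr/sbin/httpd -f /etc/httpd/httpd.conf
root       455  0.0  0.2   1800   620 ?        S    09:01   0:00 /usr/sbin/in.ftpd -l
sander     801  0.0  0.3   2100   900 tty1     S    09:05   0:00 -bash
EOF
}

# daemons_by_user NAME...
# Reads `ps aux` output on stdin and prints "daemon user process-count",
# one line per (daemon, account) pair, for the daemon names given.
# Assumes the procps column layout, where COMMAND starts at field 11.
daemons_by_user() {
    awk -v names="$*" '
        BEGIN { n = split(names, want, " ") }
        NR == 1 { next }                  # skip the header line
        {
            cmd = $11
            sub(/^.*\//, "", cmd)         # /usr/sbin/httpd -> httpd
            for (i = 1; i <= n; i++)
                if (cmd == want[i]) count[cmd " " $1]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# root_daemons NAME...
# Prints only the daemons that have at least one process owned by root.
root_daemons() {
    daemons_by_user "$@" | awk '$2 == "root" { print $1 }'
}

# Demo on the constructed sample; on a live box: ps aux | daemons_by_user httpd
sample_ps | daemons_by_user httpd in.ftpd
```

In the sample, one `httpd` process is owned by root and the two others by `wwwrun`, while `in.ftpd` runs entirely as root.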