Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] Possible compromised service
  • From: John Bland <shrike@xxxxxxxxxxxxx>
  • Date: Tue, 17 Jul 2001 10:48:58 +0100 (BST)
  • Message-id: <Pine.LNX.4.31.0107171042480.13441-100000@xxxxxxxxxxxxxxxxxxx>
On Tue, 17 Jul 2001, d_lord wrote:

> Hi,
> Bit late perhaps but have you checked if those files aren't uploaded from a
> CDR, ZIP or something like that? Other question is it possible to gain local
> access to you server?

Yes, but during the day it would be seen and the place is locked at night.

The only really definite thing I do know is that they came in via the

> Other possible reason as far as I know scp isn't logged by default so if
> someone has an account he could upload something. And you'r not able to find
> anything in the logs.

Using scp wouldn't explain the appearance of the files as being owned by
ftp.daemon. A normal user wouldn't be able to chown the files, you can't
log in as ftp, and if they had root I'd be highly surprised they haven't
used it.


John Bland M.Phys (Hons) AMInstP / \ PhD Student & Sys Admin
Email: j.bland at / \ Condensed Matter Group / \ Liverpool University
"Hey, I wonder how much meat you get on a womble?" -- Eddie

< Previous Next >