Mailinglist Archive: opensuse-security (343 mails)

Re: [suse-security] Possible compromised service
  • From: John Bland <shrike@xxxxxxxxxxxxx>
  • Date: Tue, 17 Jul 2001 10:48:58 +0100 (BST)
  • Message-id: <Pine.LNX.4.31.0107171042480.13441-100000@xxxxxxxxxxxxxxxxxxx>
On Tue, 17 Jul 2001, d_lord wrote:

> Hi,
>
> Bit late perhaps, but have you checked if those files aren't uploaded from a
> CDR, ZIP or something like that? Other question: is it possible to gain local
> access to your server?

Yes, but during the day it would be seen and the place is locked at night.

The only really definite thing I do know is that they came in via the
network.

> Other possible reason: as far as I know scp isn't logged by default, so if
> someone has an account he could upload something. And you're not able to find
> anything in the logs.

Using scp wouldn't explain the appearance of the files as being owned by
ftp.daemon. A normal user wouldn't be able to chown the files, you can't
log in as ftp, and if they had root I'd be highly surprised they haven't
used it.

Cheers,
JB

--
John Bland M.Phys (Hons) AMInstP / \ PhD Student & Sys Admin
Email: j.bland at cmp.liv.ac.uk / \ Condensed Matter Group
http://ringtail.cmp.liv.ac.uk/ / \ Liverpool University
"Hey, I wonder how much meat you get on a womble?" -- Eddie

