Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: [suse-security] Strange behaviour of SuSE
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Wed, 14 May 2003 23:50:49 -0800
  • Message-id: <200305142350.49997.jsa@xxxxxxxxxxxxxx>
On Wednesday 14 May 2003 22:35, Wolfgang Eul wrote:
> Hi there!
> I have a little problem with our Linux server and I don't know, if it's
> perhaps a security problem.
> We run a samba server with SuSE 7.3
> Last days, it behaves a little bit strange:
> At the first time, I wasn't able to login at the console with the root
> account. After entering the username root, nothing happens. From remote
> with ssh, I could login.
> Now, after some days, no root login is possible - even ssh says "access
> denied"
> When I login as normal user, I see two files in the root directory of the
> volume named "devory" and "slamet". I didn't create the files. They have
> the same date attribute and nearly the same time attribute.
> The server itself seems to work without problems.
> Is this a security problem, a hard disk problem or what else?

You've been hacked!!

Take the machine off the net immediatly because someone
else owns it, and godonly knows what they are doing with it.

Similar thing happened to my SuSE 7.3 box last week, and its
now running 8.2.

I still don't know how they got in, but I suspect it was via ssh-1
protocol, which for some reason I has not disabled.

John Andersen

< Previous Next >