
RE: password help



Thanks for the advice. I really wanted to avoid doing that at this point
until I found out where the attack came from. I've been looking for clues
for about an hour or so. I don't think I'm going to find any though. As far
as the passwords and security go, how much harder can I make the passwords?
They were 8 characters long and were alphanumeric, as in 5n8d3lg8, or
something like that. Besides, from the point of the root kit, they obviously
didn't need them. But the README file had some pretty good ideas as to how
to keep this type of thing from happening again. I'm downloading that
"StMichales..." thing now, and will definitely change the rw on my kmem
file. Any other suggestions that weren't in the README file that you might
want to add? I had my iptables configured; however, from looking at this root
kit, the program can give a terminal on any port I leave open, so there's
really no protection against that. I have to leave 25, 110, 22, 53, and 80
open on this server because of its tasks.

-----Original Message-----
From: enigma-list-admin redhat com
[mailto:enigma-list-admin redhat com]On Behalf Of Keith Mastin
Sent: Monday, October 21, 2002 10:07 AM
To: Enigma-List (E-mail)
Subject: Re: password help


On Mon, 21 Oct 2002, Gregory Malsack wrote:

> Hi All,
>
> Someone with nothing better to do hacked into one of my mom & pop
> customers FTP server using a program called SucKIT. In case you haven't
> heard of this before, I highly recommend looking it up at phrack.org and
> learning about it. I've even uploaded the README file if you would like. It
> talks about ways to safeguard yourself from this type of attack. Anyways,
> can anyone tell me how to change the root password back to what it was? So
> we can log in and get things fixed?

How do you suppose to "fix" this machine? Someone already did that. I
suggest a complete new install after a disk format of all partitions, new
"hard" passwords and more security on the ftp server in the future.

You have been root kitted. This is the most intrusive of attacks, and your
entire system is up for grabs. There are undoubtedly programs running that
are hidden deeply within other programs, replaced binaries and all sorts
of fun and games going on behind the scenes.



_______________________________________________
enigma-list mailing list
enigma-list redhat com
https://listman.redhat.com/mailman/listinfo/enigma-list




