
Re: HELP!!!: HACK ATTEMPT



Agreed, pull this box AND any others on the network that it trusts, or
TRUST it, off the network asap.

Maybe send copies of the log files for those interested on the list to help
you figure out what happened.
Only send them per-request.. we don't need to overload with huge log
attachments. I for one would be interested in checking them out. However
they have probably already been altered by whoever hacked them.

-aaz
At 03:37 PM 3/2/99 -0500, you wrote:
>On Mon, Mar 01, 1999 at 07:03:46PM -0800, Ralph Guzman wrote:
>: 
>: Since this morning I've been receiving emails from administrators around the
>: country reporting a hack attempt into their systems, using one of our
>: domains. I am a bit new to linux administration, therefore I don't know too
>: much about security issues. I desperately need help on how I can stop this.
>: The following are log files that some administrators sent to me:
>: 
>: OS: Redhat Linux 5.0
>: Web Server: Apache 1.2.6
>
>If you're running RH 5.0, your box has most likely been owned already.
>
>You need to disconnect it from the network immediately.  Format the
>drives, install the latest version of RH from trusted media (like an 
>official CD), apply all of your patches, and then restore your data (NOT
>any executable software) from trusted backup media.
>
>Change every password on the box.
>
>Remove silly services you really don't need anyway.  This probably (for you)
>includes things like:
>
>finger
>rlogin
>rexec
>rsh
>talk
>ntalk
>uucp
>pop3  (If it's not a mail server)
>imap  ("	"	"    "  )
>anything else you don't need.
>
>Don't run unnecessary daemons.  Not running NFS?  Don't run the nfsd, lockd
>and mountd.  Not using any RPC services?  Nuke the portmapper too.  Not
>using the box as a print server?  Don't start the lpd.  Not a mail server?
>Don't run sendmail as a daemon.  You mentioned it's a web server, so you
>may need to have CGI apps that send mail, but you don't need to have
>sendmail as a daemon for that.
>
>-- 
>                 Jason Costomiris <><
>            Technologist, cryptogeek, human.
>jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
>
>
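The service list in the quoted advice can be checked mechanically. The script below is an added example, not part of either poster's message: it assumes those services are started from an inetd.conf-style file and that rlogin, rexec and rsh appear there under the usual names login, exec and shell. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for the services named in the
# thread and produce a copy with them commented out.
# Assumption: rlogin/rexec/rsh are listed as login/exec/shell, and POP3 as
# pop3 or pop-3. Drop pop3/pop-3/imap from the list on a real mail server.
UNNEEDED="finger login exec shell talk ntalk uucp pop3 pop-3 imap"

# Print the enabled (uncommented) service names that are on the list.
enabled_unneeded() {
    awk -v list="$UNNEEDED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        ($1 in bad) { print $1 }            # field 1 is the service name
    ' "$1"
}

# Emit the file with those entries commented out; everything else unchanged.
disable_unneeded() {
    awk -v list="$UNNEEDED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && NF > 0 && ($1 in bad) { print "#DISABLED# " $0; next }
        { print }
    ' "$1"
}

# Constructed sample input, not taken from the poster's machine.
sample_conf() {
    cat <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rexecd
ntalk   dgram   udp  wait    root    /usr/sbin/tcpd  in.ntalkd
EOF
}

# Stand-alone use: ./audit.sh /etc/inetd.conf lists what is still enabled.
if [ -n "${1:-}" ]; then
    enabled_unneeded "$1"
fi
```

This only covers services launched by inetd, which rereads its configuration on SIGHUP; the standalone daemons mentioned in the same message (nfsd, lockd, mountd, portmapper, lpd, sendmail) are started from the init scripts and are not checked here.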


