<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I too was cracked, but it was caused by weak passwords by users. I ran
rkhunter and it didn't find anything. The root wasn't compromised, but
a user was. The cracker created a directory of " " in /tmp, which
obviously doesn't show up. I'm reloading for piece of mind.<br>
As far as 4.2.x, I think it would be nice to have the ability to update
from newer files, but not as a defacto update, different repository
that could be enabled in apt or yum or up2date maybe?<br>
Mark<br>
<br>
Les Mikesell wrote:
<blockquote cite="mid1157508092.12650.9.camel@les-home.futuresource.com"
type="cite">
<pre wrap="">On Tue, 2006-09-05 at 16:46, Doug Simpson wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">I wouldn't do automatic updates either, but I do update
often and am not aware of any recent new Centos vulnerabilities.
Do you have any idea what happened?
</pre>
</blockquote>
<pre wrap="">I have no idea what happened other than that after the udatres, 4
updated servers got hacked and rootkits were installed. Different
rootkits on each one with different consequences.
</pre>
</blockquote>
<pre wrap=""><!---->
The thing I'd suspect first would be root password guessing - there
are a lot of scripted attempts happening on the internet now, and
that wouldn't be related to updates. Or perhaps some application
not part of the normal disto.
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Mark Gumprecht
MSAD3
Unity, Maine 04988
<a class="moz-txt-link-abbreviated" href="mailto:gumprechtm@msad3.org">gumprechtm@msad3.org</a></pre>
</body>
</html>