
Re: [K12OSN] I got hacked.........



Like I told a non-tech person when discussing computer security: "The only way 
to be 100% secure is to unplug your computer and put it back in the box it came 
in."

Other than that, you can just be cautious and careful.

- James

Quoting Max Pakhutkin <lists stumbledot org>:

> To add to all the good advice given so far on this topic, the best 
> philosophy to assume with regard to security is
> 1) you will never be totally secure, sooner or later something will get 
> compromised. This is actually true, not just a belief.
> 2) if you want to be secure most of the time you have to be really 
> paranoid about it. Not just 'hmm, let's see what the security journal 
> advises me to do this month?' but actually constantly thinking about it. 
> Things like, first thing you do after su'ing to root is run netstat -nap 
> | less and checking for things (that of course, implies that you run 
> tripwire every day or more often (on a scheduled basis) to make sure 
> netstat hasn't been tinkered with, it also assumes only root can execute 
> netstat along with most other network related utilities) and about a 
> hundred other things like that at the very least.
> 
> A common misconception people seem to have is expecting software to be 
> secure. It never is, just like your house never is anywhere close to 
> secure. Anyone can kick in your door and walk in. The only thing that 
> saves you most of the time is the fact that the incentive to kick in 
> your door is dramatically decreased by police activity. Not so on the 
> Internet.
> 
> To quote the CEO of Intel, "Only the paranoid survive".
> 
> Max
> 
> 
> Michael Cortes wrote:
> 
> >It would appear that someone used SSH to get into my system.  I decided to
> >install sshd and stop telnet'ing because of the security risk, as soon as I
> >do it, someone got in.
> >
> >Anyhow, here is what I suspect so far:
> >
> >1. when they got in, they created the user "cgi"
> >2. they added "unset HISTFILE" and "unset HISTSAVE" to the root's 
> >.bash_profile.  This caused root to not save the history so I couldn't see
> >what was run as root.
> >3. logging is not happening.  I have checked my log files and the last
> >entries are about the time I first detected the break in.
> >
> >So my questions are:
> >
> >Did I do right by deleting the cgi user?  Was this user necessary?
> >How do I turn logging back on?  I have no idea where to look.
> >What is a good/quick way to tell which users have no password set?
> >
> >Thank you,
> >
> >
> >
> >
> >Michael Cortes
> >Fort LeBoeuf School District
> >34 East 9th Street
> >PO Box 810
> >Waterford PA 16411-0810
> >814.796.4795
> >Fax1 814.796.3358
> >Fax2 978-389-1258
> >
> >
> >
> >_______________________________________________
> >K12OSN mailing list
> >K12OSN redhat com
> >https://listman.redhat.com/mailman/listinfo/k12osn
> >For more info see <http://www.k12os.org>
> >
> >
> 
> 
> 
> 
> 
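The three things Michael reports (an account with no password, the unexpected "cgi" user, and history being unset in root's .bash_profile) can each be checked with a read-only pass over the relevant file. This is an added example, not part of any poster's message; the function names, the baseline file and the sample data are constructed, and the HISTFILE=/dev/null and HISTSIZE=0 patterns go beyond the two "unset" lines seen in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Pass copies of the files as arguments.

# Accounts whose shadow password field (field 2) is empty: no password needed.
# Locked entries ("!", "*", "!!") are non-empty and are not reported.
empty_password_users() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts in a passwd-format file ($1) missing from a baseline list of
# expected account names, one per line ($2). Catches additions like "cgi".
unexpected_accounts() {
    cut -d: -f1 "$1" | grep -vxFf "$2"
}

# Lines in a shell startup file that switch off history recording.
# The thread saw the two "unset" forms; the assignments are added variants.
history_tampering() {
    grep -nE '^[[:space:]]*(unset[[:space:]]+HIST(FILE|SAVE)|(export[[:space:]]+)?HIST(FILE=/dev/null|(FILE)?SIZE=0))' "$1"
}

# Constructed sample data, written to a temp dir so the demo runs offline.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:$6$constructed$hash:12000:0:99999:7:::' \
        'cgi::12000:0:99999:7:::' 'daemon:*:12000:0:99999:7:::' > "$d/shadow"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:2:2:daemon:/sbin:/sbin/nologin' \
        'cgi:x:500:500::/home/cgi:/bin/bash' > "$d/passwd"
    printf '%s\n' root daemon > "$d/baseline"
    printf '%s\n' 'PATH=$PATH:$HOME/bin' 'unset HISTFILE' 'unset HISTSAVE' \
        > "$d/bash_profile"
    echo "empty password:  $(empty_password_users "$d/shadow")"
    echo "not in baseline: $(unexpected_accounts "$d/passwd" "$d/baseline")"
    echo "history lines:"; history_tampering "$d/bash_profile"
    rm -rf "$d"
}
demo
```

On a host that may already be compromised, run these against copies of the files from a trusted system, since the local awk and grep binaries are no more trustworthy than the netstat Max mentions.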







