
Re: [K12OSN] I got hacked.........



Michael,
	Jim is right - start from scratch, and think hard if you really
need sshd configured to use passwords. It is a pain in the butt to go only
with keys posted to authorized_keys files, but it is a lot safer. You may
also rethink the frequency of changes of root password. Julius

On Tue, 9 Apr 2002, Michael Cortes wrote:

> It would appear that someone used SSH to get into my system.  I decided to
> install sshd and stop telnet'ing because of the security risk, as soon as I do
> it, someone got in.
>
> Anyhow, here is what I suspect so far:
>
> 1. when they got in, they created the user "cgi"
> 2. they added "unset HISTFILE" and "unset HISTSAVE" to the root's
> .bash_profile.  This caused root to not save the history so I couldn't see
> what was run as root.
> 3. logging is not happening.  I have checked my log files and the last entries
> are about the time I first detected the break in.
>
> So my questions are:
>
> Did I do right by deleting the cgi user?  Was this user necessary?
> How do I turn logging back on?  I have no idea where to look.
> What is a good/quick way to tell which users have no password set?
>
> Thank you,
>
>
>
>
> Michael Cortes
> Fort LeBoeuf School District
> 34 East 9th Street
> PO Box 810
> Waterford PA 16411-0810
> 814.796.4795
> Fax1 814.796.3358
> Fax2 978-389-1258
>
>
>
>
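
An added example (not part of either poster's message): a read-only audit for the signs listed in the quoted message, namely an unexpected account, accounts with no password set, and history-disabling lines in root's profile. The function names, the baseline file of expected accounts, the extra UID-0 and `HISTFILE=/dev/null` checks, and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Each check reads a file given as an argument, so it works on
# copies taken from a suspect disk as well as on a live /etc.

# Accounts whose shadow password field is empty (login needs no password).
# "!", "!!" or "*" in that field mean locked and are not reported.
empty_password_users() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts other than root that carry UID 0.
extra_uid0_users() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts in passwd that are missing from a baseline list (one name per line).
unexpected_users() {
    cut -d: -f1 "$1" | grep -vxF -f "$2" || true
}

# Profile lines that switch off shell history, with their line numbers.
history_tampering() {
    grep -nE 'unset[[:space:]]+HIST|HISTFILE=/dev/null|HIST(FILE)?SIZE=0' "$1" || true
}

# Constructed sample files (not data from the system in the thread).
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'student1:x:500:500::/home/student1:/bin/bash' \
        'cgi:x:0:0::/tmp:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:$1$constructed$hash:11786:0:99999:7:::' \
        'student1:!!:11786:0:99999:7:::' 'cgi::11786:0:99999:7:::' > "$1/shadow"
    printf '%s\n' 'PATH=$PATH:$HOME/bin' 'unset HISTFILE' 'unset HISTSAVE' > "$1/bash_profile"
    printf '%s\n' root student1 > "$1/baseline"
}

# audit PASSWD SHADOW PROFILE BASELINE
audit() {
    echo "no password set:  $(empty_password_users "$2" | tr '\n' ' ')"
    echo "extra UID 0:      $(extra_uid0_users "$1" | tr '\n' ' ')"
    echo "not in baseline:  $(unexpected_users "$1" "$4" | tr '\n' ' ')"
    echo "history disabled:"; history_tampering "$3"
}

# With four file arguments audit those; otherwise run on the constructed sample.
if [ "$#" -eq 4 ]; then
    audit "$@"
else
    d=$(mktemp -d); make_sample "$d"
    audit "$d/passwd" "$d/shadow" "$d/bash_profile" "$d/baseline"; rm -rf "$d"
fi
```

Reading a real shadow file requires root; on a compromised host, run the checks from known-good media against the mounted disk rather than trusting the installed binaries.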




