My system was hacked
David Tonhofer
d.tonhofer at m-plify.com
Sun Nov 12 12:35:30 UTC 2006
Ong Ying Ying wrote:
> Someone hacked my system. All my user account cannot log-in except root.
>
> My passwd had !! in its second field for one user. Another user had !
> in the second field. What does this mean?
>
> How can this happen? What caused this?
>
Don't panic.
It's a convention that passwords that start with a '!' are 'invalid' -
no password that you enter can map to a hash that
starts with '!'
Here are notes I made a long long time ago:
==============
- When the password is an asterisk, nothing can match it.
- An exclamation mark means a password (or account) is locked via
usermod(8). Also, a single exclamation marks means that a account is not
allowed for logins. So a double exclamation makes sure that if it was
unlocked, it would still have an invalid passwd. Note that repeated
application
of usermod -U will remove all the exclamation marks but repeated
application
of usermod -L will still only yield a single exclamation mark.
- Note that 'locking out' may be best achieved using a no-login-shell
- Also, new users created with 'useradd' have the '!!' password
==============
What else makes you think the system was hacked?
More information about the redhat-list
mailing list