Mailing List Archive


Re: tlug: The aftermath of having one's server hacked.



Chris Sekiya wrote:
> 
> On Wed, 27 Jan 1999, Scott Stone wrote:
> 
> > why is this better than 'linux single' from LILO (assuming that 'linux
> > single' hasn't been compromised by the hacker... or did I just answer my
> > own question?)
> 
> You just answered your own question.
> 
So how do you know that the b*strd in question did not replace
/bin/bash? 
Is there a way to know?

I would not trust any app that may run as root. Or any other app left on
the computer for that matter. Even if it seemed OK, the intruder may have
fiddled with it.

I am certainly not a computer security expert, far from it actually, but I
would still recommend a complete re-install and keep only /etc/passwd,
/home/... and possibly some other configuration files that can be
easily validated (and, of course, replace any apps on /home).

With both RedHat and SuSE it is quite easy to force a reinstall. No
root passwd required for this. I am sure it is easy with most
distributions.

It is, of course, important to find out how the intruder got access to
your system, but if he used a known loophole somewhere, chances are pretty
high that it has been fixed in a recent distribution.

-Fredric

<p mode=rant>
I don't know what happened to the world. When I was a "hacker" in
the early 80's (on VAX/VMS systems) it was very important to never
destroy anything, it was OK to irritate the sysadm a little (leave 
a message in his login file, change his prompt etc) but never, never,
never destroy. Hey.. we did it for fun. How fun can it be to mess
up a system for someone you don't even know? --- eNuff ranting ----
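
One way to approach the question raised in the message above ("Is there a way to know?"), as an added example that is not part of the original post: boot trusted rescue media, mount the suspect disk, and compare its files against a tree known to be clean, such as the distribution's install media. The function names and the sample trees are constructed for illustration.

```python
# Added example: run from trusted rescue media, never with the suspect system's own tools.
import hashlib, os, stat, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> (sha256, setuid?) for regular files under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode):  # skip symlinks and special files
                rel = os.path.relpath(full, root)
                manifest[rel] = (sha256_file(full), bool(st.st_mode & stat.S_ISUID))
    return manifest

def compare(trusted, suspect):
    """List (kind, path) for every file that departs from the trusted baseline."""
    findings = []
    for rel, (digest, suid) in sorted(suspect.items()):
        if rel not in trusted:
            findings.append(("ADDED_SETUID" if suid else "ADDED", rel))
        elif trusted[rel][0] != digest:
            findings.append(("MODIFIED", rel))
        elif suid and not trusted[rel][1]:
            findings.append(("SETUID_SET", rel))
    findings += [("MISSING", rel) for rel in sorted(trusted) if rel not in suspect]
    return findings

def demo():  # constructed sample trees: install media vs. the suspect disk
    trees = {"trusted": {"bash": b"original shell", "ls": b"original ls"},
             "suspect": {"bash": b"trojaned shell", "ls": b"original ls", "sh2": b"extra"}}
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            os.makedirs(os.path.join(tmp, tree, "bin"))
            for name, data in files.items():
                with open(os.path.join(tmp, tree, "bin", name), "wb") as f:
                    f.write(data)
        os.chmod(os.path.join(tmp, "suspect", "bin", "sh2"), 0o4755)
        return compare(build_manifest(os.path.join(tmp, "trusted")),
                       build_manifest(os.path.join(tmp, "suspect")))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A clean comparison only covers the files in the baseline; anything reported as added or modified still has to be judged by hand, which is why the message's advice to reinstall remains the simpler path.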


