Re: My machine was hacked - possibly via sshd?
Thanks for all the feedback everybody. It looks like an ssh dictionary
attack discovered a weak password, followed by a local root exploit
against an out-of-date kernel. From now on I will be sticking with an
official Debian stable one.
I made a tar of the filesystem and put it on another machine before I
rebuilt. Hence I've been able to revisit the logs. It's a closed case
though: I don't have the time to figure out what changed etc. I
certainly haven't got the time to go and break the kneecaps of the
script kiddies who did this. A very good lesson for me.
I'm curious though about your statements telling me that everything I
have is old and that I should be using new versions. This makes me ask:
what is the point of Debian stable? Everything but the kernel was a
Debian stable package with all the latest security patches.
With your suggestions and those from others, I have some more ideas
about how to harden this machine. I've also been looking (again) at the
securing Debian manual, but I think some of it is out of date (written
for Debian 2.2???).
Alvin Oga wrote:
hi ya malcolm