[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: My machine was hacked - possibly via sshd?

Thanks for all the feedback everybody. It looks like an ssh dictionary attack discovered a weak password, followed by a local root exploit against an out-of-date kernel. From now on I will be sticking with an official Debian stable one.


I made a tar of the filesystem and put it on another machine before I rebuilt. Hence I've been able to revist the logs. It's a closed case though: I don't have the time to figure out what changed etc. I certainly haven't got the time to go and break the kneecaps of the script kiddies who did this. A very good lesson for me.

I'm curious though about your statements telling me that everything I have is old and that I should be using new versions. This makes me ask: what is the point of Debian stable? Everything but the kernel was a Debian stable package with all the latest security patches.

With your suggestions and those from others, I have some more ideas about how to harden this machine. I've also been looking (again) at the securing Debain manual, but I think some of it is out of date (written for Debian 2.2???).


Alvin Oga wrote:

hi ya malcolm

Reply to: