
Re: My machine was hacked - possibly via sshd?



On Tue, 2005-03-29 at 07:25 +1000, Malcolm Ferguson wrote:
> Thanks for all the feedback everybody.  It looks like an ssh dictionary 
> attack discovered a weak password, followed by a local root exploit 
> against an out-of-date kernel.  From now on I will be sticking with an 
> official Debian stable one.
> 
> Alvin,
> 
> I made a tar of the filesystem and put it on another machine before I 
> rebuilt.  Hence I've been able to revisit the logs.  It's a closed case 
> though: I don't have the time to figure out what changed etc.  I 
> certainly haven't got the time to go and break the kneecaps of the 
> script kiddies who did this.  A very good lesson for me.
> 
> I'm curious though about your statements telling me that everything I 
> have is old and that I should be using new versions.  This makes me ask: 
> what is the point of Debian stable?  Everything but the kernel was a 
> Debian stable package with all the latest security patches.

Your kernel is old.  That's for starters.  2.4.30 is in rc2 now.  It
alone fixes some security issues.  2.4.18 is ancient, and there's most
probably been like 20 or so kernel exploits since it was released, all
fixed by newer kernel versions.  

Dave

> Malc
> 
> Alvin Oga wrote:
> 
> >hi ya malcolm
> >  
> >
> <snip>
> 

Proud Libranet GNU/Linux user
Libranet The TOP Libranet distribution
http://www.libranet.com/
Download your free trial of Libranet 2.8.1 today!


