Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
On Thursday 21 July 2005 20:31, Andras Got wrote:
> The users, the ones the machines was hacked, were they existing users on
> the machine?
I don't know which user account got hacked, if this was what has happened.
> Do you use AllowUsers or AllowGroup?
No. I hate to admit I didn't know that this is possible. Take back the newbie
statement I made earlier. But if a legitimate user account got hacked, this
wouldn't have helped, right?
> Do you use DSA/RSA key only auth method?
Now I do. And it will stay that way, customers have to step back.
> 2.6.7 is vulnerable, 2.4.18 is also... use vanilla kernels with grsec!
Now I know. Seems reading bugtraq and the Debian security announce isn't
enough. Or I started to late. Or I read too fast. :(
This email is ROT26 encrypted, by reading it you are in violation of the
DMCA, and should turn yourself in to the authorities immediately.