Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

[Karsten Dambekalns <Karsten@k-fish.de>]

Hi.

On Thursday 21 July 2005 20:31, Andras Got wrote:
> The users, the ones the machines was hacked, were they existing users on
> the machine?

I don't know which user account got hacked, if this was what has happened.

> Do you use AllowUsers or AllowGroup?

No. I hate to admit I didn't know that this is possible. Take back the newbie 
statement I made earlier. But if a legitimate user account got hacked, this 
wouldn't have helped, right?

> Do you use DSA/RSA key only auth method?

Now I do. And it will stay that way, customers have to step back.

> 2.6.7 is vulnerable, 2.4.18 is also... use vanilla kernels with grsec!

Now I know. Seems reading bugtraq and the Debian security announce isn't 
enough. Or I started to late. Or I read too fast. :(

Karsten
-- 
This email is ROT26 encrypted, by reading it you are in violation of the
DMCA, and should turn yourself in to the authorities immediately.
                                                           (Chris Berry)