Re: hacked my Linux Box
Hi,
"Dzuy M. Nguyen" <linux_dzuy@hotmail.com> writes:
> Someone hacked into my linux web server and caused some problems. I'm still
> trying to figure it out. Anybody have a good link for linux security?
www.securityfocus.com has some decent information, though the Javascript
they use is a PITA. Also, try www.rootshell.com or a dozen others which
have slipped my mind for now. You should find links from these two sites.
It's vitally important to keep abreast of the latest security updates,
especially for a production machine. I think debian-security@lists.debian.org
will carry all the security notices. Check the archives.
> I'm not sure how they got in, so any suggestions would be great.
A current favourite is ADMROCKS, if you're running DNS on that machine.
Take a look (based on potato) at /var/cache/bind and see if it's got a
file called ADMROCKS sitting in there. Versions of bind < 8.2.2P3 are
vulnerable (IIRC).
For a system that's purely a web server, the best bet is a dodgy CGI
script.
--
Graeme.
graeme+sig@mathie.cx
"Life's not fair," I reply. "But the root password helps." - BOFH
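
The two checks suggested in the message above, as an added shell example that is not part of the original post: look for an entry named ADMROCKS under the BIND cache directory, and compare a BIND version string against 8.2.2P3, the threshold as the message recalls it. The function names are assumptions of this example, and the version string is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# List entries named ADMROCKS under a BIND cache directory.
# Returns 0 if any are found, 1 if none, 2 if the directory cannot be read.
find_admrocks() {
    dir=${1:-/var/cache/bind}
    [ -d "$dir" ] && [ -r "$dir" ] || return 2
    hits=$(find "$dir" -name ADMROCKS 2>/dev/null) || true
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Compare a BIND version string such as "8.2.2-P3" or "8.2.2P3" against
# 8.2.2P3, the threshold as the post recalls it ("IIRC").
# Returns 0 if older, 1 if equal or newer, 2 if no version could be parsed.
bind_older_than_fix() {
    case $1 in *[0-9]*) ;; *) return 2 ;; esac
    # Turn every non-digit run into a space: "8.2.2-P3" -> "8 2 2 3".
    # Missing fields are padded with zeros, so "8.2.2" compares as 8 2 2 0.
    set -- $(printf '%s\n' "$1" | sed 's/[^0-9][^0-9]*/ /g') 0 0 0
    for want in 8 2 2 3; do
        [ "$1" -lt "$want" ] && return 0
        [ "$1" -gt "$want" ] && return 1
        shift
    done
    return 1   # identical to the threshold, so not older
}

# Stand-alone use: sh check_bind.sh /var/cache/bind 8.2.2-P2
if [ $# -gt 0 ]; then
    if find_admrocks "$1"; then
        echo "ADMROCKS entry found under $1"
    fi
    if bind_older_than_fix "${2:-}"; then
        echo "BIND $2 is older than 8.2.2P3"
    fi
fi
```

The comparison is purely numeric on the first four fields, so a version string with a different layout needs checking by hand.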