
Re: hacked my Linux Box



Hi,

"Dzuy M. Nguyen" <linux_dzuy@hotmail.com> writes:

> Someone hacked into my linux web server and caused some problems.  I'm still
> trying to figure it out.  Anybody have a good link for linux security?

www.securityfocus.com has some decent information, though the Javascript
they use is a PITA.  Also, try www.rootshell.com or a dozen others which
have slipped my mind for now.  You should find links from these two sites.
It's vitally important to keep abreast of the latest security updates,
especially for a production machine.  I think debian-security@lists.debian.org
will carry all the security notices.  Check the archives.

> I'm not sure how they got in, so any suggestions would be great.

A current favourite is ADMROCKS, if you're running DNS on that machine.
Take a look (based on potato) at /var/cache/bind and see if it's got a
file called ADMROCKS sitting in there.  Versions of bind < 8.2.2P3 are
vulnerable (IIRC).

For a system that's purely a web server, the best bet is a dodgy CGI
script.

-- 
Graeme.
graeme+sig@mathie.cx

"Life's not fair," I reply. "But the root password helps." - BOFH


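The ADMROCKS check described in the reply above, as an added shell example that is not part of the original message. The marker name, /var/cache/bind and the 8.2.2P3 threshold are taken from the post (which gives the threshold from memory); the function names and the version-string formats handled are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. The file name ADMROCKS, the
# /var/cache/bind directory and the 8.2.2P3 threshold come from the post;
# the function names and version-string formats handled are assumptions.

# find_admrocks [DIR]: list any entry named ADMROCKS under DIR.
# Returns 0 if found, 1 if none, 2 if DIR does not exist.
find_admrocks() {
    dir=${1:-/var/cache/bind}
    [ -d "$dir" ] || return 2
    # ls -ld keeps owner and mtime, which help date the intrusion.
    hits=$(find "$dir" -name ADMROCKS -exec ls -ld {} \; 2>/dev/null) || true
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# bind_older_than_822p3 VERSION: accepts "8.2.2-P3", "8.2.2P3", "8.2.1".
# Returns 0 if VERSION is older than 8.2.2P3, 1 if not, 2 if unparseable.
bind_older_than_822p3() {
    v=$(printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)-\{0,1\}[Pp]\{0,1\}\([0-9]*\).*$/\1 \2 \3 \4/p')
    [ -n "$v" ] || return 2
    set -- $v
    # Compare major, minor, patch and P-level against 8.2.2P3 in order.
    for want in 8 2 2 3; do
        have=${1:-0}          # a missing patch level counts as P0
        [ "$#" -gt 0 ] && shift
        if [ "$have" -lt "$want" ]; then return 0; fi
        if [ "$have" -gt "$want" ]; then return 1; fi
    done
    return 1
}

# Usage: sh check_admrocks.sh /var/cache/bind 8.2.2-P3
if [ "$#" -eq 2 ]; then
    if find_admrocks "$1"; then echo "ADMROCKS marker present in $1"; fi
    if bind_older_than_822p3 "$2"; then echo "BIND $2 predates 8.2.2P3"; fi
fi
```

Pass the version string your named binary reports as the second argument; a clean result from the file check does not rule out other entry points such as the CGI scripts mentioned above.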