[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Have I been hacked?

> If you want to inspect further, I would suggest you look at each of the
> jobs being run.  See if they are what you expect them to be.  Also check
> your /etc/crontab and /etc/anacrontab to see what is in them.

I would love to investigate further but I am afraid I am not inclined towards
forensics ... lol ... I am an Aircraft Engineer by trade not a Computer
Scientist ... :) ... I played around with sleuthkit but that confused the living
hell out of me ... lol ... I don't even know what to look for ... The server I
have is a small community/family server that gives wireless access to poor
families ... 

> 
> As for the attacks - I've seen a big uptake in the attacks over the last
> couple of weeks.  The worst I've seen is > 100 IP's locked out in one 24
> hour period.  They are coming from all over the world, although since
> there are a lot of proxies (many of them from trojans/viruses installed
> on unsuspecting machines), there's no easy way to tell what the real
> origins are.

It's astonishing how quick they can find an IP ...

> I have permanently blocked the IP ranges of some of the worst offenders,
> but the only real way to stop it is to take your machine off the
> internet completely.
> 
> Just ensure you're using good security practices - don't allow root
> login, use long, random passwords, etc.  I also use a random character
> strings for the login ids, as well as passwords  - just one more thing
> for the hackers to have to figure out how to get around.

That's the problem right there ... random passwords ... lol ... but I will have
to adapt ...

Thank You
Reply to: