Re: Have I been hacked?

To: debian-user@lists.debian.org
Subject: Re: Have I been hacked?
From: Jerry Stuckle <stucklejerry@gmail.com>
Date: Fri, 09 Jan 2015 10:55:17 -0500
Message-id: <[🔎] 54AFF9E5.1020707@gmail.com>
In-reply-to: <[🔎] 20150109162948.GA17386@fever.havannah.local>
References: <[🔎] 20150106180456.GA8657@fever.havannah.local> <[🔎] CAAr43iPRs62MTvuru055NpjBf4qN-VFeY3Sh85=wpRTg5sudhg@mail.gmail.com> <[🔎] 20150108205345.GA4732@fever.havannah.local> <[🔎] 54AED87B.6050906@gmail.com> <[🔎] 20150109162948.GA17386@fever.havannah.local>

On 1/9/2015 11:29 AM, Danny wrote:
>> If you want to inspect further, I would suggest you look at each of the
>> jobs being run.  See if they are what you expect them to be.  Also check
>> your /etc/crontab and /etc/anacrontab to see what is in them.
> 
> I would love to investigate further but I am afraid I am not inclined towards
> forensics ... lol ... I am an Aircraft Engineer by trade not a Computer
> Scientist ... :) ... I played around with sleuthkit but that confused the living
> hell out of me ... lol ... I don't even know what to look for ... The server I
> have is a small community/family server that gives wireless access to poor
> families ... 
> 
>>
>> As for the attacks - I've seen a big uptake in the attacks over the last
>> couple of weeks.  The worst I've seen is > 100 IP's locked out in one 24
>> hour period.  They are coming from all over the world, although since
>> there are a lot of proxies (many of them from trojans/viruses installed
>> on unsuspecting machines), there's no easy way to tell what the real
>> origins are.
> 
> It's astonishing how quick they can find an IP ...
> 
>> I have permanently blocked the IP ranges of some of the worst offenders,
>> but the only real way to stop it is to take your machine off the
>> internet completely.
>>
>> Just ensure you're using good security practices - don't allow root
>> login, use long, random passwords, etc.  I also use a random character
>> strings for the login ids, as well as passwords  - just one more thing
>> for the hackers to have to figure out how to get around.
> 
> That's the problem right there ... random passwords ... lol ... but I will have
> to adapt ...
> 
> Thank You
> 
> 

Yes, randomizing your passwords is important - as is not using the same
password on multiple systems.  One trick I use is to take a long phrase
and use the first (or second or third...) letter of each word.  Then
capitalize certain characters.  For instance, if you used "To be or not
to be, that is the question".  Your password could be something like
2bOn2BtiTq (capitalizing every 3rd character).

It's a lot easier to remember a phrase than a bunch of random characters.

Jerry

Reply to:

References:
- Have I been hacked?
  - From: Danny <mynixmail@gmail.com>
- Re: Have I been hacked?
  - From: Joel Rees <joel.rees@gmail.com>
- Re: Have I been hacked?
  - From: Danny <mynixmail@gmail.com>
- Re: Have I been hacked?
  - From: Jerry Stuckle <stucklejerry@gmail.com>
- Re: Have I been hacked?
  - From: Danny <mynixmail@gmail.com>

Prev by Date: Re: Have I been hacked?
Next by Date: Re: Have I been hacked?
Previous by thread: Re: Have I been hacked?
Next by thread: Re: Have I been hacked?
Index(es):
- Date
- Thread