
BLU Discuss list archive



[BLU] Help... I've been hacked!



On Tue, 27 Mar 2001, Chris Janicki wrote:

> Hi, I'm brand new to Linux, although I know Solaris.  I was working on my
> brand new Red Hat 6.2 Linux machine (soon to be my web server, email
> server, etc.) when I noticed an email returned to root.  It was from
> Yahoo, saying that the destination's email box was full.  The subject of
> the email was my IP address! Knowing that I hadn't sent any email, I did
> 'grep yahoo /bin/*' and found that email address in login, ps, ls, and
> netstat.  I've been hacked, right?!
>
> 1) What can I do to replace those files?  I spent many hours configuring
> box, so I don't want to start from scratch.
>
> 2) Is there anywhere else I should look for problems?
>
> 3) Is there any particular hole in RedHat 6.2 that I need to address.
> (It was preconfigured on the machine I bought from Penguin, in December.)

Take this advice from one who learned the hard way.  You need to reformat
the hard drive and start over.  You have no idea what files were left
behind or altered.  As Sigourney Weaver says, "Nuke 'em from orbit.  It's
the only way to be sure".  It's sad, it's a lot of work, but they almost
always leave hidden ways back into your system.

You may want to copy off some text-only files (config, mail, cron, web
content) from your system before doing that, but make sure they're clean.

Sorry, dude.  No other way.

And here's the lesson to be learned:  ALL Linux distributions from ALL
vendors more than a few weeks old have a whole host of packages that were
deemed to have security holes in them, often very serious ones.  It is
essential that once you've installed Linux, you go back to your vendor and
install any updates to packages you are using immediately.  And keep on
top of it, installing updates as they come out.  You know the crackers are
watching the security lists.

Check out:
	http://linuxsecurity.com

	linux-security at redhat.com
	bugzilla at redhat.com

	comp.os.linux.security

	http://www.freshmeat.net

-------------------------------------------------------------------
DDDD   David Kramer                   http://thekramers.net
DK KD
DKK D  "All my life, I always wanted to be somebody.
DK KD  Now I see that I should have been more specific."
DDDD                                       - Lily Tomlin
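An added example, not part of either message above: a small shell script in the spirit of the poster's `grep yahoo /bin/*`, plus the "make sure they're clean" check the reply asks for. It assumes a manifest of SHA-256 sums taken from a clean install of the same packages (on Red Hat you would normally use `rpm -Va`, but a rootkit that swapped ls, ps and netstat can just as easily swap rpm, grep and sha256sum, so run any such check from trusted boot media). All paths and the indicator string are placeholders.

```shell
#!/bin/sh
# Added example: scan binaries for an indicator string and verify them
# against a known-good hash manifest. Paths below are placeholders.

# Print regular files under DIR whose contents contain INDICATOR.
# `grep -a` treats binaries as text so a hit is reported by file name,
# which is what the poster's `grep yahoo /bin/*` was doing by accident.
find_tainted() {
    dir=$1; indicator=$2
    find "$dir" -type f -exec grep -la -- "$indicator" {} \; 2>/dev/null | sort
}

# Compare each "<sha256>  <path>" line of MANIFEST with the file's current
# hash. Prints MODIFIED/MISSING lines; returns 1 if anything differs.
verify_manifest() {
    manifest=$1; rc=0
    while read -r expected path; do
        [ -z "$path" ] && continue
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        actual=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MODIFIED $path"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Constructed demo: a scratch "bin" directory with a clean ls and a ps
# that was replaced after the manifest was taken.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/bin"
    printf 'clean binary payload\n' > "$tmp/bin/ls"
    printf 'clean binary payload\n' > "$tmp/bin/ps"
    sha256sum "$tmp/bin/ls" "$tmp/bin/ps" > "$tmp/manifest"
    # simulated backdoored ps carrying a mail address (constructed value)
    printf 'BACKDOOR mail report@yahoo.example\n' > "$tmp/bin/ps"
    echo "files mentioning yahoo:"; find_tainted "$tmp/bin" yahoo
    verify_manifest "$tmp/manifest" || echo "verification FAILED"
    rm -rf "$tmp"
}
```

Binaries that are already on the manifest but silently replaced show up as MODIFIED even when they contain no recognisable string, which is why the hash check matters more than the string search.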