 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
David Kramer wrote: > Bill Horne wrote: >> Grant M. wrote: >>> [snip] >>> The Ubuntu Enterprise server we're using was compromised on a >>> non-priviledged account once, but there isn't anything installed that >>> the user could use, so no worries. >> [snip] >> >> While we're on the subject, how did you find out? > > The first symptom was I was having problems with MySQL, which > eventually led to my website not working. > > In the end, the point of origin was almost definitely an exploit in > Zimbra, which is a web-based collaboration tool I installed to check > out, but never used. I found all sorts of subtle hints, like a new > zimbra user, which ended up in the /etc/sudoers file, and it was in > the uucp group and the wheel group. > > The attack appears to have happened about three days after I installed > Zimbra, too. Has anyone used a fingerprint verification scheme to check for hacks? Would it have caught this? TIA. Bill -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
