@# Quotes DB     useful, funny, interesting








Comments:

<0> RISCx2: you're sporting parisc!?!?! sweet... never knew anyone with a pa box... I'm running an UP2000... alpha
<0> OptimusPrime- VERSION xchat 2.6.2 Linux 2.6.16.1 [alpha/508.00MHz]
<1> hi room
<1> I'm using redhat to run my webserver. I loaded it, got it to work and promptly stopped thinking about it. After 3 years, I got hacked. He keeps being able to get in. I don't know enough about security to find the holes he's made to get in. I think I need to reload the operating system. How hard is that?
<1> Can I reload the os and still keep my files?
<1> I noticed the time stamp on the sshd binary had changed. Could that be corrupted?
<1> Can I just upload that?
<0> desk12345: three years? have you considered upgrading and running prelink to help prevent buffer overflows and the like?
<1> Not a clue.
<0> desk12345: why don't you give it a shot and check your logs and see what program he's using and what accounts he may have tried to create?
<1> What's SSHD? It says Secure Shell Daemon?
<1> I've deleted the accounts he added and changed all the passwords.
<0> desk12345: sure is...probably needs an update...there was an issue with it a year or so ago that was pretty bad
<1> of the existing ones. but somehow He logged in and changed root. I rechanged root
<1> It = sshd?
<0> desk12345: ah, yea



<1> So it would not be a good idea to, in a fit of rage, to delete the sshd app?
<1> Optimus, by the way, looking forward to your new movie.
<0> desk12345: na and especially NA if you're using it at the time
<0> desk12345: they've been talking about the new transformer movie for sometime
<1> Some day it will be finished.
<0> desk12345: try updating sshd to the latest and perhaps running prelink to make sure everything is a little more secure
<1> Where would I find both of those?
<0> !sshd
<2> i heard sshd is well see ssh
<0> www.openssh.org
<0> !ssh
<2> hmm... ssh is the Secure SHell protocol - originally a commercial-but-free-for-non-commercial-use package from http://www.ssh.fi, but since overtaken by the BSD licensed OpenSSH package from the OpenBSD project. Almost all distributions ship with the openssh package. See sshtips, see also putty and mindterm for non-Linux clients
<0> desk12345: correction: http://openssh.com
<1> Worth a try.
<0> desk12345: you running redhat enterprise edition? they can provide you help
<1> where are access logs usually kept? assuming he didn't erase them?
<0> desk12345: /var/log/messages and /var/log/maillog and /var/log/security, etc
<1> No, not running enterprise
<1> one last question for the moment. Add/Remove packages interface, you think deleting and reinstalling SSHD from there would restore it, and if so, where would I find sshd in the interface.
<0> desk12345: nope, if it has a bug/flaw, reinstalling it won't do anything but reinstall that particular glitch
<1> My server was fine, until last month. I was at a convention and stupidly used an unencrypted wireless connection to the hotel to access my web server, My pass was captured. My account at the time had root access. They could do anything.
<1> I accessed my web mail. They got my pass from that.
<0> Demonen: ouch...sounds like you have a problem... they could have installed something like a rootkit.. personally, I would update all the server apps that have access to the internet and fire up your firewall [using something like firestarter for one] and close or restrict access to most of your ports...leave the webserver open but limit sshd and what not, to specific ip ranges of your computer...that will definitely make it hard for him
<0> !rootkit
<2> i heard rootkit is a set of tools that replace the standard Unix utilities like ls and ps in order to hide certain files and processes from the admin. It is a good thing to have a copy of these tools on disk, but that only helps against the weaker rootkits (that don't modify the kernel in place).
<0> Demonen: that was for desk12345 *oops*
<1> yeah, I'm afraid of a root kit change. I turned off the vsftpd app, but the hacker was able to change files anyway.
<0> desk12345: is he using the same ip?
<1> hummmm. I think so.
<1> let me check.
<0> desk12345: well do like i said... install firestarter and fire up your firewall and put it to work... limit access to your local services [sshd/telnet/etc.], leave port 80 open for your webserver... and allow only remote access to things like sshd from your ip or ipblock? that would be a good start.. and update apache and vsftpd while you're at it
<0> desk12345: netstat -l
<0> desk12345: will give you a list of 'listening' services
<0> desk12345: or netstat -lt
<0> desk12345: would be more accurate
<3> what is the /proc directory for?
<1> Oh netstat has all sorts of stuff. very little of which I understand.
<1> off to google search
<0> Z60t: kernel related 'stuff'
<3> whats the linux command to show system memory
<0> free
<1> What does something like "tcp 0 0 *:32788" mean?
<3> that concludes my questioning
<0> tcp is the type of connection 0 is sent, 0 is received, *: means unknown service 32788 is the port
<1> Unknown service? That doesn't sound good.
<1> I have 7+ of those
<0> desk12345: whoa, try googling... it can literally be almost anything if its a hack... like i said, you NEED to setup a firewall and start restricting access
<0> desk12345: block off all those 'funky' ports and the like
<1> will do.
<0> !firestarter
<2> I am the firestarter! Twisted pair firestarter!, or http://firestarter.sourceforge.net/
<0> http://www.fs-security.com/
<0> desk12345: with one click, I can literally make my computer invisible on the net..plus it can show connections and report attacks
<1> cool. i've downloaded the file to my PC, My Linux Server is not on the net. Where on the linux box do I put *.rpm files for the installer to find it?
<0> desk12345: anywhere you can find it... just use: rpm -ivh <name.rpm>
<0> !yum
<2> yum is, like, an automatic updater and package installer/remover for rpm systems. See http://www.linux.duke.edu/projects/yum/, or the standard package management tool for CentOS, Fedora Core, and Red Hat Enterprise Linux 5
<1> thanks
<0> desk12345: unfortunately I don't have 'yum'...I'm running an Alpha and have never used it
<0> desk12345: so I can't tell you what commands to use with that one... to get it to install firestarter and any dependencies you might be missing
<1> thanks for the help!



<0> desk12345: did you get firestarter up and running?
<1> not yet, but it says I need vfs2 1.6.0 and gtk1 2.4.0
<1> I guess I need to download them also.
<1> it's really late, so I'm going to have to start again in the morning.
<0> desk12345: if you use yum, it will install those for you as well
<0> desk12345: i understand, talk to you in a bit then... it's getting late here as well
<0> desk12345: if you compile it from source, it will be built specifically for your box and you won't need all the dependencies... just a little FYI
<1> I have a lot of learning about linux, that I don't have time to do right now.
<0> desk12345: I know what you mean
<0> desk12345: we'll be here ;-) all 88+ plus of us
<1> All I can say, hackers should be, well, not killed but beaten severely.
<4> why?
<0> desk12345: hehehe
<1> I've spent hours and hours in cat and mouse with the !@#$!#$@% invader who's messing with my server.
<4> lol
<4> thats not a hacker
<4> thats a script kiddie
<1> At the very least, I'd like to hit him repeatedly with a taser.
<1> Ok, script kiddie then.
<0> desk12345: nothing wrong with 'hackers'... they keep your system fresh and up to date ;-)
<1> (grin)
<1> later
<5> any kow any decent software to use with a imation disc stakka
<5> know
<6> hello i need help. I have motorola canopy antenna, two different isp dsl (users), and linux router. I created ppp0 and ppp1 connections, i bring up ppp0 but i cant bring up ppp1 it always reports an error
<6> what should i do
<6> can i start 2 connections at the same time ??????????????
<7> good morning . i did set up an apache2 last night. the problem is that i can access it only through port :443 , could be that my isp is blocking port 80 ?
<7> or am i doing something wrong ? on ports , 80 is added
<7> i dont mind about the port actually, but mostly if the webpage can be accessed without the :443 ending
<8> firewall status?
<7> well , on the router port 80 tcp are forwarded (not udp) , as also 443
<9> Wow, why is yum segfaulting...
<6> can i start 2 ppp connections at the same time
<6> ??????????
<8> Unlikely.
<8> but I have been proved wrong.
<6> why
<8> by the way, not so many question marks, eh?
<7> i think yes, but not 100% sure
<8> makes you look silly.
<8> And I'm not sure about the ppp thing - I've never tried running two at one go.
<6> :(
<7> ehm, a last question for now. why when restarting apache2 i get the message: apache2: Could not determine the server's fully qualified domain name, using 127.0.1.1 for ServerName .
<7> The server restarts without any error
<8> A-L-A-R-M: do you have "Listen :80" ?
<7> i mean if it was 127.0.0.1 , i wouldnt ask my self that much , but *.1.1 ?
<8> or do you have "Listen some-name-here:80" instead?
<7> yes Viking667 , but somehow it doesnt connect on port 80
<7> only on 443
<8> m.
<7> thats why i wondered if it could be my isp blocking it
<8> It's vaguely possible, I guess.
<7> good... is there a way to access the webpage without entering a port ?
<0> A-L-A-R-M: nope....but you can connect to it locally, if its up and running
<8> uhmmm, port 80 is the standard port for http
<9> Why does yum keep segfaulting :(
<9> I think it's RPM.
<7> well, locally indeed its not a problem OptimusPrime .
<0> A-L-A-R-M: check your local firewall and see if it is allowing port 80 connections, then check your hub and make sure its directing all traffic from port 80 to that particular machine, if both of those are set correctly, its probably your isp... a lot of them block port 80 and 21.
<7> OptimusPrime, the router forwards port 80. i added it . but as i mentioned before i forward only tcp
<8> A-L-A-R-M: just so you know, I can't connect to your port 80
<7> OptimusPrime, but with 443 it works
<7> Viking667, i know that u cant, else i wouldnt be asking dude :)
<0> A-L-A-R-M: sounds like it might be an isp problem
<7> OptimusPrime, port 21 is not a problem, ftp runs normally
<0> A-L-A-R-M: try moving it from port 80 to port 81 and connecting.. if that works then its probably your isp
<7> momento...
<7> yeap, it works
<8> A-L-A-R-M: and, by the way, connecting to your port 443 comes up with a ssl error.
<0> A-L-A-R-M: yep, its your isp
<9> god damnit.
<7> Viking667, what kind of error ?








Return to #linuxhelp