[100536] in RedHat Linux List
Re: Hacked! :(
daemon@ATHENA.MIT.EDU (David E. Fox)
Sat Nov 21 16:26:15 1998
From: "David E. Fox" <dfox@belvdere.vip.best.com>
To: redhat-list@redhat.com
Date: Sat, 21 Nov 1998 13:24:21 -0800 (PST)
Reply-To: dfox@belvdere.vip.best.com
In-Reply-To: <3657284F.884CC9DF@nook.net> from "Ramon Gandia" at Nov 21, 98 11:53:35 am
Resent-From: redhat-list@redhat.com
> UNIXMAN wrote:
> >
> > did you set a password for root? <G> How have they been breaking into
> > your systems so easily?
>
> A few ways that I can think of.
Here, I noticed an open account (www / http) and I quickly
plugged that hole. It seems the perp got in through that,
and then somehow(?) set up some users in the /etc/passwd
file. Last activity I saw was the perp had uploaded the
'rootkit' breaking tool and started to attempt to configure/
install it. But, if he had root access, why bother to do
something using rootkit? And AFAIK, only root can add
new users...
> Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
> 285 West First Avenue rfg@nook.net
> P.O. Box 970 tel. 907-443-7575
> Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
------------------------------------------------------------------------
David E. Fox                  Tax         Thanks for letting me
dfox@belvdere.vip.best.com    the         change magnetic patterns
root@belvedere.sbay.org       churches    on your hard disk.
-----------------------------------------------------------------------
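Added example, not part of the original message or thread: a check for the two conditions described above, an account that can log in without a password and users added to /etc/passwd. It assumes a known-good baseline copy of the file is available; the sample entries and the finding labels are constructed for illustration.

```python
# Constructed sample data (not from the original message): a known-good
# copy of /etc/passwd and the file as found after the intrusion.
BASELINE = """\
root:x:0:0:root:/root:/bin/bash
www:x:99:99:web server:/home/httpd:/bin/false
"""
CURRENT = """\
root:x:0:0:root:/root:/bin/bash
www::99:99:web server:/home/httpd:/bin/bash
r00t::0:0::/:/bin/sh
guest1:x:501:501::/tmp:/bin/sh
"""
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Return (entries, bad_line_numbers) for passwd(5)-format text."""
    entries, bad = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7 or not parts[2].isdigit():
            bad.append(lineno)  # wrong field count or non-numeric UID
            continue
        entries.append(dict(zip(FIELDS, parts)))
    return entries, bad

def audit(current_text, baseline_text):
    """Return (finding, subject) pairs, in file order."""
    current, bad = parse_passwd(current_text)
    baseline = {e["name"]: e for e in parse_passwd(baseline_text)[0]}
    findings = [("malformed-line", str(n)) for n in bad]
    seen = set()
    for e in current:
        name = e["name"]
        if name in seen:  # a second line reusing an existing login name
            findings.append(("duplicate-name", name))
        seen.add(name)
        if e["passwd"] == "":  # empty field: login with no password
            findings.append(("empty-password", name))
        if int(e["uid"]) == 0 and name != "root":  # root-equivalent account
            findings.append(("extra-uid0", name))
        if name not in baseline:
            findings.append(("not-in-baseline", name))
        elif e != baseline[name]:
            findings.append(("changed-since-baseline", name))
    return findings

if __name__ == "__main__":
    for kind, who in audit(CURRENT, BASELINE):
        print(f"{kind:24}{who}")
```

On a system with shadow passwords, the password field here is a placeholder and the same empty-field check belongs on /etc/shadow.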