Web Hosting Talk

Another attack?!?


Ricky_1
03-25-2001, 06:30 PM
I was working on my server in a telnet session, logged in as a user (not root). Then I had this message:

Broadcast message from root (pts/0) Sun Mar 25 23:31:34 2001...
who are you


what is going on? How are they entering my system so easily? HELP!!!!!!!!!

Kaith Sutai-Rustaz
03-25-2001, 10:07 PM
ok, couple o questions:

1- is it your own box or are you a virtual client / reseller with/for someone?

2- are you supposed to have telnet access to your account? (some hosts disable that)

you can type in w at the cmd prompt to get some extra info on who's there, and where they are logged in from. (I think) :)

alexchie
04-16-2001, 11:46 PM
hmm.... can you tell me your Linux distribution?

You MUST patch your server with the newer patch.

Ricky_1
04-17-2001, 07:06 AM
I was running Red Hat 6.2 with kernel 2.2.14 (buggy one!), now I've installed a new server with Red Hat 7.0, kernel 2.2.17 (security-bug-free, at least in theory...) and all the other updates (bind, cron etc.)
I'm moving all sites away from the old server; as soon as I have finished I'll format the old server and re-install everything.

Ricky_1
04-17-2001, 06:24 PM
Ok, 2.2.17 is buggy too :angry:
I've now installed 2.2.19

lenix
04-18-2001, 02:06 AM
Logging into any server through telnet over a network will basically allow anyone to sniff your password. This leads to other problems. You should set up sshd.... openssh rather.

alexchie
04-18-2001, 02:34 AM
Please check ps ax... and then netstat, and please post it here....

For remote exploits, you must look at:
BIND
Wu-FTPD
LPD
inetd
Sendmail


Please patch to the new version or change =)

BIND --> djbdns
wu-ftpd --> ProFTPD

good luck:cartman:
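
A way to act on the `netstat` check suggested above, as an added example that is not part of the original thread: the function reads `netstat -tuln`-style output and flags non-loopback listeners for the services named in that post. The port-to-daemon mapping assumes the standard ports; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag remotely reachable listeners for the services named in the thread.
# Reads `netstat -tuln`-style lines on stdin; prints one line per finding.
flag_risky_listeners() {
    awk '
    BEGIN {
        # Standard port -> service, limited to the daemons listed in the post above.
        svc[21]  = "ftp (wu-ftpd)"
        svc[23]  = "telnet (inetd)"
        svc[25]  = "smtp (Sendmail)"
        svc[53]  = "dns (BIND)"
        svc[515] = "printer (LPD)"
    }
    $1 ~ /^(tcp|udp)/ {
        # Local address is field 4; the port is whatever follows the last colon.
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # Loopback-only listeners are not reachable from the network.
        if (addr == "127.0.0.1" || addr == "::1") next
        # TCP sockets count only in LISTEN state; UDP has no state column.
        if ($1 ~ /^tcp/ && $NF != "LISTEN") next
        if (port in svc) print $1, $4, svc[port]
    }'
}

# Constructed sample output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:23           198.51.100.7:40112      ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
EOF
}

sample_netstat | flag_risky_listeners
```

On a live host the same function can be fed directly with `netstat -tuln | flag_risky_listeners`.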

DHWWnet
04-21-2001, 07:56 PM
Originally posted by Ricky_1
I was working on my server in a telnet session, logged in as a user (not root). Then I had this message:

Broadcast message from root (pts/0) Sun Mar 25 23:31:34 2001...
who are you


what is going on? How are they entering my system so easily? HELP!!!!!!!!!


like what everybody was saying, disable telnet! why would you even consider using it, use SSH instead.

quite possibly that your box is already compromised :bawling:

Ricky_1
04-22-2001, 04:04 AM
Originally posted by elijah



like what everybody was saying, disable telnet! why would you even consider using it, use SSH instead.

quite possibly that your box is already compromised :bawling:


The box IS compromised :bawling: , I've installed a new one with all the updates available, SSL Webmin and no telnet. I'm moving all the sites there, then I'll rebuild the old box.
Live and learn...