Thread: backdoor
-
06-06-2005, 08:45 AM #1Junior Guru Wannabe
- Join Date
- Mar 2002
- Posts
- 54
backdoor
I have a quarrel with someone who previously had root access to my server. I don't trust him anymore, and I'm worried that he could have installed some sort of backdoor. I'm a relative Linux novice; how can I make sure that no backdoors are installed?
-
06-06-2005, 09:28 AM #2Web Hosting Master
- Join Date
- Apr 2003
- Location
- San Jose, CA.
- Posts
- 1,624
Reinstall the OS
-
06-06-2005, 09:34 AM #3Retired Moderator
- Join Date
- Oct 2004
- Location
- Southwest UK
- Posts
- 1,175
You could:
firewall his IP, but then he could connect from a different one.
remove his userid and change all passwords, but he could have installed a rootkit that allows him access anyway.
All in all, the only sure way is to reinstall the OS. Search WHT for people who will do this for you, or for people who will secure your server after you've asked your host to reinstall the OS. Make sure you have a backup first of course.
-
06-06-2005, 09:41 AM #4Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
I don't see how a firewall would even matter if it's been rootkitted.
Steven Ciaburri | Industry's Best Server Management - Rack911.com
-
06-06-2005, 09:43 AM #5Retired Moderator
- Join Date
- Mar 2004
- Location
- Singapore
- Posts
- 6,990
Will installing and running rkhunter help?
-
06-06-2005, 10:43 AM #6Junior Guru Wannabe
- Join Date
- Mar 2002
- Posts
- 54
I'm not THAT novice. I actually could reinstall the OS by myself, but I really would like to avoid that; I just went through that process a couple of weeks ago, and still haven't set up everything again.
I also succeeded in installing rkhunter, that was exactly what I was looking for, thanks! It says I'm clean; how secure am I now?
-
06-06-2005, 12:10 PM #7Junior Guru
- Join Date
- Oct 2003
- Location
- Long Island, New York
- Posts
- 220
Insecure, unless the guy you had a quarrel with was actually a decent guy and left the server alone. Unfortunately rkhunter can't possibly be able to detect the infinite ways root access can be backdoored.
You don't even need a rootkit to retain root access to a server. Rootkits are great at hiding processes, files, and remote accesses, but there are always ways, especially if the attacker has some savvy.
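The point in the last reply, that root access can be kept without any rootkit, can be checked in part by reviewing the account files directly. The following is an added example, not code from any poster in this thread; the function name `audit_accounts`, the `first_user_uid` threshold and the sample data are assumptions made for illustration.

```python
"""Added example: audit passwd/shadow contents for login paths that need no rootkit."""

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def audit_accounts(passwd_text, shadow_text, first_user_uid=1000):
    """Return (account, finding) tuples; first_user_uid is distro-dependent."""
    # Second field of each shadow line is the password hash (or a lock marker).
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]

    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments, blank and malformed lines
        name, pw_field, uid, shell = fields[0], fields[1], int(fields[2]), fields[6]
        # 'x' in passwd means "look in shadow"; anything else is used directly.
        secret = shadow.get(name, "*") if pw_field == "x" else pw_field
        locked = secret.startswith(("!", "*"))
        if uid == 0 and name != "root":
            findings.append((name, "UID 0 account other than root"))
        if secret == "":
            findings.append((name, "empty password"))
        elif 0 < uid < first_user_uid and not locked and shell not in NOLOGIN_SHELLS:
            findings.append((name, "service account with password and login shell"))
    return findings

# Constructed sample data, not taken from any real server.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
toor:x:0:0::/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """root:$6$constructed$aaaa:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$constructed$bbbb:19000:0:99999:7:::
mail:$6$constructed$cccc:19000:0:99999:7:::
alice::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```

This covers only the account files, so an empty result says no more about the rest of the server than a clean rkhunter run does.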