
Thread: backdoor

  1. #1
    Join Date
    Mar 2002
    Posts
    54

    backdoor

    I have a quarrel with someone who previously had root access to my server. I don't trust him anymore, and I'm worried that he could have installed some sort of backdoor. I'm a relative Linux novice; how can I make sure that no backdoors are installed?

  2. #2
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,624
    Reinstall the OS

  3. #3
    Join Date
    Oct 2004
    Location
    Southwest UK
    Posts
    1,175
    You could:

    Firewall his IP, but then he could connect from a different one.
    Remove his userid and change all passwords, but he could have installed a rootkit that allows him access anyway.

    All in all, the only sure way is to reinstall the OS. Search WHT for people who will do this for you, or for people who will secure your server after you've asked your host to reinstall the OS. Make sure you have a backup first of course.

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    I don't see how a firewall would even matter if it's been rootkitted.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  5. #5
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    Will installing and running rkhunter help?

  6. #6
    Join Date
    Mar 2002
    Posts
    54
    I'm not THAT novice, I actually could reinstall the OS by myself, but I really would like to avoid that. I just went through that process a couple of weeks ago, and still haven't set up everything again.
    I also succeeded in installing rkhunter, that was exactly what I was looking for, thanks! It says I'm clean, how secure am I now?

  7. #7
    Join Date
    Oct 2003
    Location
    Long Island, New York
    Posts
    220
    Insecure, unless the guy you had a quarrel with was actually a decent guy and left the server alone. Unfortunately rkhunter can't possibly be able to detect the infinite ways root access can be backdoored.

    You don't even need a rootkit to retain root access to a server. Rootkits are great at hiding processes, files, and remote accesses, but there are always ways, especially if the attacker has some savvy.
    TWSites.com - Business Web Hosting Solutions & Server Management Since 2003
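
Added example, not part of the original thread: a few manual checks for the kind of access the last post describes, which persists without any rootkit. The function names, the `ROOT` prefix argument and the 30-day window are assumptions chosen for illustration, and an empty result from these checks does not show that the server is clean.

```shell
#!/bin/sh
# Added example: checks for root access that needs no rootkit.
# Each function takes a path so it can be pointed at a mounted copy of the
# disk (safer than trusting tools on the suspect system) or at a test tree.

# Accounts other than "root" whose UID is 0 (third field of passwd).
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Every authorized_keys file under ROOT/root and ROOT/home, with the number
# of key lines in it (blank lines and "#" comments are not counted).
# Each key listed is a password-free login that survives a password change.
authorized_keys_report() {
    root="${1:-}"
    find "$root/root" "$root/home" -maxdepth 3 -type f \
        \( -name authorized_keys -o -name authorized_keys2 \) 2>/dev/null |
    while IFS= read -r f; do
        n=$(awk 'NF && $1 !~ /^#/ { c++ } END { print c + 0 }' "$f")
        echo "$f $n"
    done
}

# Set-UID files modified in the last DAYS days (default 30, an assumed
# window roughly covering a recent reinstall). Root can reset timestamps,
# so this only catches careless changes.
recent_suid() {
    find "${1:-/}" -xdev -type f -perm -4000 -mtime -"${2:-30}" 2>/dev/null
}

# Run all three checks against ROOT (empty string means the live system).
audit_all() {
    root="${1:-}"
    echo "== extra UID 0 accounts";      extra_uid0 "$root/etc/passwd"
    echo "== authorized_keys files";     authorized_keys_report "$root"
    echo "== recently changed SUID files"; recent_suid "${root:-/}"
}
```

Source the file and run `audit_all` as root, or `audit_all /mnt/suspect` against a disk mounted from a rescue system; review every account and key it prints by hand.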
