Password Migration
by Mohsen Basirat
Dear all,
I have a Debian machine with more than 3000 users and I
have to change it to a Fedora Core 4 machine and migrate
usernames and passwords. I used MD5 passwords in both
systems, but the password hash generated in Fedora is
different from Debian and I don't know why. Please
advise me with your comments.
Regards
Mohsen basirat
www.basirat.com
17 years, 3 months
Re: Machine compromised
by bhiksha
That's a very good idea.
Thanks much!
-Bhiksha
Calvin Dodge wrote:
> On 12/20/06, bhiksha <bhiksha(a)merl.com> wrote:
>
>> I have iptables on. I also have a firewall box that only lets in ports
>> 22 and 80.
>> I left port 22 open to allow me to ssh in from outside, and I have
>> tried to keep abreast of the updates.
>
> If you change SSH to use a non-standard port (i.e., NOT 22), that
> protects you from the random bot probes for that service
> (/etc/ssh/sshd_config, "Port")
>
> Calvin
17 years, 3 months
Re: Machine compromised
by bhiksha
Jason L Tibbitts III wrote:
>I'm not sure why you replied off-list; you lose the benefit of other
>insights into the discussion.
>
>
>
Sorry, I didn't realize I'd done that. I just hit a "reply".
I'm certainly getting a lot of useful advice from the group.
>>>>>> "b" == bhiksha <bhiksha(a)merl.com> writes:
>
>b> Im still curious about how an account called "backup" belonging to
>b> uid 0 came to be!
>
>I can say with absolute certainty that a hacker put it there, which
>means that they found some other way into your system. Are you
>absolutely sure that you were keeping up with all of the security
>updates? Did you have the firewall on? Obviously you had at least
>one port open (22); there have been security issues in openssh
>although I don't recall that any of them were remotely exploitable.
>What other services were you running?
>
>b> I just hope the hackers are not taking advantage of some intrinsic
>b> hole in FC5.
>
>Rest assured that if there were a significant unpatched vulnerability,
>yours wouldn't be the only compromised machine. But there are many
>available servers in Fedora, and there have been many security
>updates. And of course there is plenty of software available outside
>of Fedora that could present security issues.
>
>
>
I have iptables on. I also have a firewall box that only lets in ports
22 and 80.
I left port 22 open to allow me to ssh in from outside, and I have tried
to keep abreast of the updates.
I'm not sure what happened exactly, but I'm taking the suggested
precaution of simply cleaning out the machine and reinstalling.
Thanks much
Bhiksha
> - J<
>
>
17 years, 3 months
Machine compromised
by bhiksha
Hi,
I've installed FC5 on my machine.
In the past month, when I was away, some hackers (who seem to come in
from machines in Canada, Croatia, Italy, and AOL) ran a dictionary attack on
my machine, and managed to break into an account called "backup".
I'm not sure if "backup" was a valid account in the first place -- the logs
show that the hackers failed to login to backup twice, and then successfully
logged in ever after.
It's easy to make out that it's a classic dictionary attack -- they've tried
about a hundred userids, and attempted to login several thousand times.
They tried "backup" thrice and managed to get in.
I'm particularly concerned that either
a. Backup is not a standard account and they managed to create it
nevertheless
or
b. They managed to login to a standard installation account, which should
really have had /bin/false as shell and should not have been
log-into-able.
Please advise. I'm trying to ensure this doesn't happen again.
In the meantime, I've written to the postmaster at AOL about the hacker.
Thanks
Bhiksha
17 years, 3 months
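
Added example, not part of the original thread: a shell audit of a passwd-format file for the two conditions raised in the post above, namely an account other than root with uid 0, and a system account whose shell still permits login. The function names and the sample file are constructed for illustration, and the system-account threshold of 500 is an assumption (compare it with UID_MIN in /etc/login.defs on the machine being checked).

```shell
#!/bin/sh
# Added example: audit a passwd-format file. All names here are hypothetical.

# Print every account other than "root" whose UID is 0.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print system accounts (0 < UID < $2, default 500, an assumed threshold)
# whose shell is not a known non-login program. An empty shell field is
# reported too, because it falls back to the default shell.
system_accounts_with_shell() {
    awk -F: -v min="${2:-500}" '
        $3 > 0 && $3 < min && $7 !~ /\/(nologin|false|sync|shutdown|halt)$/ {
            print $1 ":" $7
        }' "$1"
}

# Write a constructed sample passwd file (not taken from any real host).
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
games:x:12:100:games:/usr/games:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/false
backup:x:0:0::/home/backup:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
EOF
}

# Demo run against the constructed sample; point the functions at
# /etc/passwd to audit a live system.
sample=$(mktemp)
write_sample_passwd "$sample"
echo "Accounts with uid 0 other than root:"
extra_uid0_accounts "$sample"
echo "System accounts with a login shell:"
system_accounts_with_shell "$sample"
rm -f "$sample"
```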