Box Cracked ( Was: thank's )
debian at herakles.homelinux.org
Sat Oct 20 23:59:04 UTC 2007
Les Mikesell wrote:
> bob.smith at kolumbus.fi wrote:
>>> Something strange in those script? Something that lead you to think
>>> you've a rootkit installed?
>> I do this to get to know the system, I have been cracked many times
>> and quite honestly have enough of it. Either I get to know my system
>> deep down, or I run the box online all days all nights without
> The software included in the distro is fairly secure if you keep it up
> to date with frequent 'yum update' runs. If you have been cracked 'many
> times' it is likely to be because you have weak passwords that someone
> is guessing through ssh, or you haven't kept the system up to date as
> new exploits are discovered and fixed, or you have added 3rd party or
> your own programs (like a lot of php web stuff...) that are insecure and
> haven't kept them up to date.
I use ssh keys and/or vpn for remote logins. They authenticate the box,
not the user, but that's enough for me.
fwiw I recently enabled smtp authentication for mail relaying. I see
people using that to enumerate account/password combinations.
I've previously seen ssh and ftp used for that purpose.
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
Please do not reply off-list
More information about the users