some attack to fedora machine .

Jim mickeyboa at sbcglobal.net
Fri Apr 11 15:45:21 UTC 2008


Antti J. Huhtala wrote:
> Thu, 2008-04-10 at 21:50 -0400, max wrote:
>   
>> Edwin Tan wrote:
>>     
>>> hi Subhodip,
>>> Please check below link for antivirus program download for linux.
>>>
>>> http://www.avast.com/eng/download-avast-for-linux-edition.html
>>>
>>> thanks.
>>>
>>>       
>> Running virus scans is a waste of time. If you believe it's compromised, 
>> wipe the drive and flash the BIOS. I don't mean just format and install 
>> either. Write zeros (maybe more than once) to the hard drive. Make sure 
>> the MBR does not survive. Do not back up anything! If you have something 
>> that you absolutely cannot do without, I don't mean MP3s either, then 
>> back that up to a CD and label it clearly and scan only that, more than 
>> once with multiple antivirus scanners, rootkit scanners, use Windows and 
>> Linux antivirus scanners and rootkit hunters. If these are something for 
>> which you have a checksum then make sure that it matches the original no 
>> matter what or shred it. Yes, I mean physically shred or otherwise 
>> destroy the CD. If the files fail a single test, consider them 
>> tainted and destroy them. Flash the BIOS because there are viruses that 
>> will compromise the BIOS, these will be cross platform, they will affect 
>> any machine with any OS. Make sure that any external drives that have 
>> ever come into contact with the infected machine get the same treatment. 
>> Wipe it completely clean!
>>
>> Max
>>
>>     
> A spot of overkill, perhaps?
>
> In my modest experience my Linux box has been compromised three (3)
> times that I know of. The first was an RH 6.2 box, and my present box
> has been invaded twice, first during the FC6 era and then soon after my
> F8 installation last December.
> Each and every time the invader came in through ssh. Against my better
> judgement in installing F8 I allowed ssh to remain a "secure service" as
> suggested by the F8 installer. Well, it proved not to be.
>
> There seem to be some "sportsmen" out there who just can't resist the
> temptation of an open ssh port. Now, if I plan to use ssh to connect to
> my box from a remote location, I'm going to have iptables rules to allow
> ssh only from known addresses. Not very flexible, perhaps, but I don't
> want to allow these sportsmen in again.
>
> In each case, just wiping the installation clean and reinstalling with
> ssh port closed seems to have done the trick.
>
> My 2 c.
>
> Antti
>
>
>
>   
This is where the Fail2Ban app comes in handy: if the bad guy can't get 
in the first couple of tries because of bad passwords, then Fail2Ban puts 
his IP on a ban process.



