[CentOS] Help: Server security compromised?

Noob Centos Admin centos.admin at gmail.com
Wed Aug 6 06:29:09 UTC 2008


More information, after noting the cyclical shutdown of the firewall, I
looked into crontab and found a line that stops apf every 5 minutes and
directs the output to null.

I cannot copy the exact line now because of my stupidity (good reason why I
call myself a noob).

After noting this, which obviously is not a line I entered, which I suspect
(wrongly) was injected by some hacker, I removed it. Then proceeded to check
apf which was installed by a third party script.

As I noted the comments in the apf.conf, I realized that the autoshutdown of
the firewall was due to development settings in the apf.conf file to prevent
lockout due to bad firewall configurations. And just as I had the "OH SHIT"
thought, my SSH got disconnected and I promptly found myself locked out of
the server.

Since I followed some of the rules about SSH and used a non-standard port
for SSH and disable SSHD listening on the default port 22, I've no way back
into the server and all services on that server are now apparently dead to
the way. :(

So I'm now prepping for a long ride to the IDC if a reboot doesn't help my
stupidity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080806/5e2e3115/attachment.html>


More information about the CentOS mailing list