[CentOS] I appear to be attacking others

Sun Feb 5 14:52:34 UTC 2006
Jeff Kinz <jkinz at kinz.org>

On Sun, Feb 05, 2006 at 04:46:25AM -0500, James Pifer wrote:
> On Sun, 2006-02-05 at 10:30 +0100, Ralph Angenendt wrote:
> > James Pifer wrote:
> > > Besides killing what's running, how do I get this all cleaned up? 
Most hackers install multiple backdoors on a system once they get in.
Your system has been compromised and you have no way of knowing what
executables on your system have been replaced by trojans.

You have only one choice:

	You must reformat the hard drive and re-install from the beginning

	This is the only way you can be sure that you have removed all
	the backdoors from the system.
Unless you devote a lot of time to figuring out what backdoors might
have been installed, and have a lot of expertise to know what you're
looking for, you won't be able to be sure that the hackers have been
locked out.

Once you have addressed the break-in to your satisfaction, try running a
trip wire program like Samhain (http://la-samhna.de/samhain/).  It will
tell you the details of any changes to system files.  Few hackers would
have the time and savvy to defeat it though I'm sure it's possible.

There are a variety of countermeasures you can install to prevent
future attempts but the general rule is to disable all unnecessary
applications.  If you don't use sshd to get access from outside: install
a firewall and block port 22.  

Definitely don't run an ftp server.  Use scp if needed.
> > > 
> > > The hotmail account has been denied logins now. I've also set a new
> > > password on the account.
> > 
> > Drop Passwords for SSH completely and use public key based
> > authentication. There, one problem gone.
> > 
> > More on <http://sial.org/howto/openssh/publickey-auth/>
> > 
> > If you *have* to use passwords somewhere: Don't use weak ones.
> 
> Ralph/Ignacio,
> 
> Thank you very much for your help!!!! I think it's all cleaned up now. I
> will look at using public key based auth and disabling ssh passwords. 
> 
> Thanks again.
> James
> 

-- 
Jeff Kinz, Emergent Research, Hudson, MA.
speech recognition software may have been used to create this e-mail

"The greatest dangers to liberty lurk in insidious encroachment by men
of zeal, well-meaning but without understanding." - Brandeis

To think contrary to one's era is heroism. But to speak against it is
madness. -- Eugene Ionesco
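The SSH hardening that Ralph recommends and James says he will adopt (no password logins, public-key authentication only), as an added shell example that is not part of the thread: it audits an sshd_config for key-only logins, using sshd's own first-match rule for repeated keywords, and runs against two constructed sample files rather than a real system.

```shell
# Added example (not from the thread): audit an sshd_config for the settings
# Ralph recommends: no password logins, public-key auth only.
# Caveat: sshd keeps the FIRST value it sees for each keyword, so appending
# "PasswordAuthentication no" below an existing "yes" changes nothing.

# Print the effective global value of a keyword; fall back to the sshd default
# (third argument) when the keyword is absent or commented out.
effective_setting() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { sub(/=/, " ") }                    # accept "Keyword=value" form too
        tolower($1) == "match" { exit }      # only global settings apply here
        tolower($1) == tolower(key) { print $2; found = 1; exit }  # first wins
        END { if (!found) print def }
    ' "$1"
}

# Exit 0 if the file enforces key-only logins, else list the weak settings.
audit_sshd_config() {
    _rc=0
    [ "$(effective_setting "$1" PasswordAuthentication yes)" = no ] ||
        { echo "PasswordAuthentication not 'no': password guessing still works"; _rc=1; }
    # With UsePAM, keyboard-interactive can still prompt for a password.
    [ "$(effective_setting "$1" ChallengeResponseAuthentication yes)" = no ] ||
        { echo "ChallengeResponseAuthentication not 'no': PAM password prompts remain"; _rc=1; }
    [ "$(effective_setting "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "PubkeyAuthentication not 'yes'"; _rc=1; }
    # Default was 'yes' in OpenSSH releases of this era (changed in 7.0).
    [ "$(effective_setting "$1" PermitRootLogin yes)" != yes ] ||
        { echo "PermitRootLogin is 'yes': direct root login permitted"; _rc=1; }
    return $_rc
}

# Constructed sample configs: the appending mistake vs. a corrected file.
WEAK_CONF=$(mktemp); HARD_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARD_CONF"' EXIT
cat >"$WEAK_CONF" <<'EOF'
Port 22
PasswordAuthentication yes
PasswordAuthentication no
EOF
cat >"$HARD_CONF" <<'EOF'
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
audit_sshd_config "$WEAK_CONF" || echo "weak: passwords still accepted"
audit_sshd_config "$HARD_CONF" && echo "hardened: key-only logins enforced"
```

Point `audit_sshd_config` at `/etc/ssh/sshd_config` to check a live file; after editing, `sshd -t` validates the syntax before a restart.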