From: <dav...@da...> - 2005-09-19 01:14:19
I recently recovered from a server hack. They got in through a SimpleBlog hack that a user had uploaded onto their directory [Web hosting obviously]. The Hacker [they were talked to via IM] took over the box and was very... strange... he kept the box running for about 4 days and then one night 'rm -fr /' the whole box. We figure he was waiting for us to offer a dollar amount to fix... perhaps so we couldn't get him for extortion? The box took over 24 hours to recover and wasn't fun.

Personally if I was "you" I'd make sure the firewall is configured and also consider, if you cannot set the "allow connections only from" certain IPs to SSH etc. (due to a dynamic IP address), setting up some MAX connection situation to block connections when they are getting dictionary hacked. Now another method is door knocking to open the SSH port, but quite honestly this appears to be quite above your current skill level.

BTW: You can "turn off" SSH in Webmin, and only turn it on when you need to. Personally most people do it the other way around... but hey ;)

David Coley
Codecipher

-----Original Message-----
From: web...@li... [mailto:web...@li...] On Behalf Of pr...@pr...
Sent: Sunday, September 18, 2005 8:34 PM
To: web...@li...
Subject: RE: [webmin-l] Understanding daily "LogWatch"?

From: Prodos

Greetings

Vern wrote:
> These are attempted hacks (logon failures) into your box. Many are created by
> dictionary password crack programs that are used to attempt to figure out user name
> and passwords on your box. I used to get these and figured the best thing to do is to
> block the ssh port (tcp port 22) and only allow specific IP addresses, that I specify,
> access to that port.

I see. Thanks for that information.

Sorry to ask such a dumb question but: What can anyone gain by getting into my server by this method? Is it simply vandalism, or is there some sort of point to it? For instance, does it allow the "hackers" to use my server to run their own websites or email/spam programs?

Best Wishes,

PRODOS
http://prodos.thinkertothinker.com
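As an added example (not from this list thread, and not Webmin or LogWatch code): the "logon failures" Vern describes and the "MAX connection" threshold David suggests come down to counting failed SSH logins per source address. The script below does that over constructed lines in the format OpenSSH writes to /var/log/auth.log ("Failed password for ..." / "Accepted password for ..."), lists sources that cross a failure threshold as candidates for a firewall block, and separately flags a source that failed repeatedly and then got in, which is the case to investigate rather than just block. The log lines, addresses (documentation ranges), usernames and the threshold of 5 are all assumptions made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of OpenSSH entries in /var/log/auth.log.
# Addresses are from documentation ranges and usernames are made up; not real data.
SAMPLE_AUTH_LOG = """\
Sep 18 20:01:11 host sshd[2311]: Failed password for invalid user admin from 192.0.2.10 port 4122 ssh2
Sep 18 20:01:14 host sshd[2313]: Failed password for invalid user test from 192.0.2.10 port 4130 ssh2
Sep 18 20:01:17 host sshd[2315]: Failed password for root from 192.0.2.10 port 4141 ssh2
Sep 18 20:01:20 host sshd[2317]: Failed password for invalid user oracle from 192.0.2.10 port 4150 ssh2
Sep 18 20:01:23 host sshd[2319]: Failed password for invalid user guest from 192.0.2.10 port 4162 ssh2
Sep 18 20:05:02 host sshd[2401]: Failed password for dave from 198.51.100.7 port 51022 ssh2
Sep 18 20:05:09 host sshd[2403]: Accepted password for dave from 198.51.100.7 port 51023 ssh2
Sep 18 20:07:45 host sshd[2440]: Failed password for root from 203.0.113.5 port 3333 ssh2
Sep 18 20:07:46 host sshd[2442]: Failed password for root from 203.0.113.5 port 3334 ssh2
Sep 18 20:07:48 host sshd[2444]: Failed password for root from 203.0.113.5 port 3335 ssh2
Sep 18 20:07:50 host sshd[2446]: Accepted password for root from 203.0.113.5 port 3336 ssh2
"""

# Matches the password-auth result lines sshd logs; other lines are ignored.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_sshd(log_text):
    """Yield (result, user, ip) for each password-auth line, in log order."""
    for line in log_text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")


def summarize_failures(log_text):
    """Per source IP: number of failed logins and the set of usernames tried.
    Many distinct usernames from one address is the dictionary-attack signature."""
    summary = defaultdict(lambda: {"count": 0, "users": set()})
    for result, user, ip in parse_sshd(log_text):
        if result == "Failed":
            summary[ip]["count"] += 1
            summary[ip]["users"].add(user)
    return dict(summary)


def flag_sources(summary, threshold=5):
    """IPs with at least `threshold` failures (assumed cut-off), most active first."""
    hits = [ip for ip, s in summary.items() if s["count"] >= threshold]
    return sorted(hits, key=lambda ip: (-summary[ip]["count"], ip))


def successes_after_failures(log_text, min_failures=3):
    """Sources that got an 'Accepted password' after at least min_failures failures.
    A success following a burst of failures means the account may be compromised."""
    failures = defaultdict(int)
    suspicious = []
    for result, user, ip in parse_sshd(log_text):
        if result == "Failed":
            failures[ip] += 1
        elif failures[ip] >= min_failures and ip not in suspicious:
            suspicious.append(ip)
    return suspicious


def report(log_text, threshold=5):
    """Plain-text summary in the spirit of a daily LogWatch section."""
    lines = []
    summary = summarize_failures(log_text)
    for ip in sorted(summary, key=lambda i: (-summary[i]["count"], i)):
        s = summary[ip]
        lines.append(f"{ip}: {s['count']} failed logins, {len(s['users'])} distinct usernames")
    for ip in flag_sources(summary, threshold):
        lines.append(f"BLOCK CANDIDATE {ip} (>= {threshold} failures)")
    for ip in successes_after_failures(log_text):
        lines.append(f"INVESTIGATE {ip}: successful login after repeated failures")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_AUTH_LOG)))
```

Feed it the real auth log (or the sshd section LogWatch already extracts) and the block candidates are the addresses a firewall "allow only from" or connection-limit rule would keep out; the INVESTIGATE line is the one that should trigger a password change and a look at what that session did.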