unknown scripts are running the server
Chong Yu Meng
chongym
Mon May 17 11:55:55 PDT 2004
Swapana,
You are so up the shit creek! I know how you must be feeling, which is
why I sometimes tell my customers/friends/competitors that if they don't
know how to run a UNIX box, they should just stick to Windows.
If your box has been compromised, chances are the hackers/crackers
probably have an account on your system. They may even know the root
password. Even if you could stop the script from running, they can
easily load another script there, or if they're really vindictive, they
can screw with your system so bad that you really have no choice but to
re-install the OS or face further humiliation, and possibly legal action.
BTW, what OS are you running? (No, I am not a hacker, though I had to
recover from a hacked WinNT server on the eve of Chinese New Year -- a
very, very important day in the Chinese calendar. Which is why I can
identify with your pain.)
UNIX is not at all like Windows -- updates do not "automagically" secure
your system. You need to turn off all services/daemons that you are not
using, and switch from unsecure remote connection methods to more secure
ones.
If I remember correctly, you asked some months back, if you could secure
telnet connections to your boxes. If you're still using telnet -- I
think you may know the answer to that question now. Time to move to ssh, eh?
Regards,
pascal
Swapana Ghosh wrote:
>Hi
>
>>>Did you wipe & reload the OS after the box was compromised? If so, did
>>>you close the hole that allowed the crackers in?
>
>No, we did not reload the OS after the server was compromised. Basically the
>server is in a different place and we work with remote.
>
>Both the servers are patched with the latest patch.
>
>To be very frank, we could not find out the *hole* through which the crackers
>came in. But phpnuke is running at the server. And those crackers corrupted
>all our sites basically. So we are assuming that they entered using
>apache/php/phpnuke...
>
>It will be very helpful if you suggest what we can do. OS update is not
>possible for us, as I mentioned. Except that, if there is anything we can do, that will be
>really helpful...
>
>Thanks and regards..
>