ssh and webmin strangely died, but apache works
I have my server on a T1 line at a school, and it has been running since Feb 27th, hosting a phpnuke website and a 16 slot Battlefield: Vietnam server. I have been administrating it via ssh and occasionally webmin. It has been running fine.
Today, a friend called me and said he couldn't connect to the BFV server, so I tried to connect via ssh to see what was up. But ssh timed out while trying to connect (using PuTTY and Windows XP). I tried the same thing with my laptop (Mandrake 9.2) and same thing. So then I tried to connect to webmin, but IE and Mozilla timed out while trying to connect. The strange thing is that the website (apache 1.3) is still working and I can still connect via ftp (proftp). I went to the school and restarted the machine, but still the same story. Any thoughts?
Last edited by emperorjordan; 03-23-2004 at 10:07 PM.
You are really going to have to sit in front of that computer and dig out some details. You say that ssh isn't answering. Well, is sshd even running? Are there any log entries that would help? Since this is connected to a school T1 and doesn't have a firewall, have you considered the possibility that you've been hacked? Can you tell us who has logged in and when?
If you want help, you are going to have to provide more detail than you have.
Original Poster
Thanks for responding,
Yes, of course sshd was running; just suddenly ssh, webmin, and the BFV servers stopped, but apache and proftp were still running, but now this morning nothing is running.
And where are these logs you are talking about? Where can I find them and which ones would be helpful?
Right now getting hacked sounds like what's happening, cuz none of this makes sense. And if I did get hacked, what can I do to prevent this? Put a software firewall on the machine?
The logs are usually found in /var/log and the more important ones tend to be syslog and messages.
Quote:
Right now getting hacked sounds like what's happening, cuz none of this makes sense. And if I did get hacked, what can I do to prevent this? Put a software firewall on the machine?
If that is indeed what has happened, the only thing to do at this point is unplug the machine from the network and start reading in the security forum on how to determine if you have been hacked or not. Do not put the machine back on the network until you have determined if you have been hacked or not. Just having daemons shut down isn't necessarily evidence of being hacked. It could be that you have a memory leak in one of the programs and processes are being shut down as the machine runs out of memory. That sort of information would be in the logs. However, the log files may not be trustworthy if you have been hacked since they are frequently altered to cover up the intrusion. I'd look to see who has logged in recently and if there are any users that you didn't create. Am I right in assuming that you weren't running an IDS like Snort or a file integrity checker like Aide or Tripwire?
Again, head over to the security forum and start reading. Putting a completely unsecured machine on a public network is not a good idea and could really land YOU in hot water.
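The checks suggested in the reply above (whether daemons were shut down as the machine ran out of memory, and whether there are users you didn't create), sketched as shell helpers. This is an added example, not part of the original thread; the log lines, account names and expected-accounts list are constructed, and the exact OOM message wording varies between kernel versions.

```shell
#!/bin/sh
# Added example: triage helpers run over constructed sample files.
# On a real host, point them at /var/log/messages and /etc/passwd instead.

# Names of processes the kernel OOM killer terminated, one per line.
oom_killed() {
    grep -i 'out of memory: kill' "$1" |
        sed -n 's/.*[Kk]ill[a-z]* process [0-9]* (\([^)]*\)).*/\1/p' | sort -u
}

# Accounts other than root that have UID 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts in the passwd file ($1) that are missing from the admin's
# list of expected account names ($2, one name per line).
unexpected_accounts() {
    cut -d: -f1 "$1" | grep -v -x -F -f "$2" || true
}

# Constructed sample data (not taken from the thread).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/messages" <<'EOF'
Mar 23 14:02:11 host kernel: Out of Memory: Killed process 812 (sshd).
Mar 23 14:02:40 host kernel: Out of Memory: Killed process 1033 (miniserv.pl).
Mar 23 14:05:02 host proftpd[640]: FTP session opened.
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jordan:x:500:500::/home/jordan:/bin/bash
sysadm:x:0:0::/tmp:/bin/sh
EOF
printf 'root\njordan\n' > "$tmp/expected"

echo "OOM-killed processes:"; oom_killed "$tmp/messages"
echo "Extra UID 0 accounts:"; extra_uid0 "$tmp/passwd"
echo "Accounts not on the expected list:"
unexpected_accounts "$tmp/passwd" "$tmp/expected"
```

OOM-killer lines naming sshd and the other dead daemons point toward memory exhaustion; an unexpected or second UID 0 account points toward the machine needing to stay off the network, and logs on such a host may already have been altered.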