LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page /home/backdoor
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 05-14-2003, 04:33 AM   #1
glyn_walters
LQ Newbie
 
Registered: May 2003
Posts: 2

Rep: Reputation: 0
/home/backdoor

Hi.

I am a linux newbie so sorry if these are standard *nix questions.

I have a public facing linux server and I notice there is a /home/backdoor directory alongside /home directories for other users that have logged in. It sounds dodgy to me. Is there any way I can find out whether there are login details for a user backdoor and whether it has been used?

Thanks
Glyn
 
Old 05-14-2003, 04:37 AM   #2
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 46
What time/date was the backdoor directory created? Is there anything listed from last backdoor? You'll probably get more responses on this thread if its in the security forum. I'll request its moved for you.

cheers

Jamie...
 
Old 05-14-2003, 04:39 AM   #3
jharris
Senior Member
 
Registered: May 2001
Location: Bristol, UK
Distribution: Slackware, Fedora, RHES
Posts: 2,243

Rep: Reputation: 46
If you have been cracked then you might find some of the following useful reading. (Shamelessly pasted from one of Unspawn's emails )

- "UNIX Security Checklist v2.0"
http://www.cert.org/tech_tips/unix_s...cklist2.0.html
- "The Twenty Most Critical Internet Security Vulnerabilities"
http://www.sans.org/top20/
- "Steps for Recovering from a UNIX or NT System Compromise"
http://www.cert.org/tech_tips/root_compromise.html
- "Collecting Electronic Evidence After A System Compromise"
http://national.auscert.org.au/rende...=2247&cid=2997

cheers

Jamie...
 
Old 05-14-2003, 05:29 AM   #4
MasterC
Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,611

Rep: Reputation: 61
/home/backdoor would suggest (to me) that user "backdoor" exists. Check /etc/passwd and post up the corresponding entry if it exists as well.

Cool
 
Old 05-14-2003, 11:33 AM   #5
glyn_walters
LQ Newbie
 
Registered: May 2003
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for the replies. I will read through the links. The entry in /etc/passwd is

backdoor:x:0:503::/home/backdoor:/bin/bash
 
Old 05-14-2003, 11:52 AM   #6
MasterC
Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,611

Rep: Reputation: 61
Ooohhh... That really doesn't look good. Read over those links, take your system offline if you care about it...
It appears, to me, to have a UID of 0. This is root's uid. If a user has a uid of 0 the user is "seen" by your system as root himself (which is bad).

If you don't have a root password, create one. If you have one, change it. Read those links above, and uh, good luck

Cool
 
Old 05-15-2003, 11:29 AM   #7
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,408

Rep: Reputation: 108Reputation: 108
Moving this post to Security...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Backdoor Installed Possibly? sovietpower Linux - Security 3 09-04-2004 07:20 AM
Yet another backdoor for IE.... r_jensen11 General 11 06-29-2004 11:31 AM
My Backdoor Debian Install ClayOgre Debian 9 06-20-2003 08:38 AM
backdoor im1crazyassmofo Linux - General 3 01-16-2003 06:54 PM
SSH 2 as a backdoor? help me fenris@bu Linux - Security 3 05-24-2001 12:12 PM


All times are GMT -5. The time now is 09:44 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration