Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Yeah, or maybe lead aprons, pants, and facemasks to protect you from the radiation. If you put a cup of water in front of the mouse and double click a couple of times, does it start to boil?
LOL. As bizarre as that is, I've actually had something similar happen with a cordless mouse/keyboard combo. It happens more than you think.
BTW, read unSpawn's security post at the top of the forum or it's very likely that you will get hacked for real. In fact it would be pretty trivial, considering that you have X wide open:
6000/tcp open X11
If you need to run services, especially local ones, then restrict access using a firewall. Having quasi-vulnerable services like rpc, samba-shares, and lpd (printer) open to the world is really dangerous. So now that you know what it feels like to get hacked (without actually getting hacked), use that as your motivation to lock your box down or at least make it less of a target.
Last edited by Capt_Caveman; 09-29-2003 at 07:35 PM.
Originally posted by unSpawn I was assuming it was through the ftp ports / I am only guessing that somehow they are using
You're not helping us help you, so this will get you nowhere. Read the advice given, act on it and supply us with factual info instead of talking *about* it.
Clacour is right about checking the rpm database from the rescue cdr, but this does not necessarily mean that when it turns out OK you're in the green. Without proper response, though, exploring any other angles is going to be a waste of time.
My next question would be, if I reformat and set it back up, what can I do to prevent this again?
I could sum up a lot, but in short: read the docs on hardening your box and act on it.
Thing of it is I did act on everything everyone told me, short of the format advice.
I didn't see anything in any of the log files, or the commands I was asked to run. I didn't want to clutter the thread up with pages and pages of them, I pored over them for hours all day long. Googled the life out of myself and even booted with Knoppix, and checked most everything I could think of and then even looked in places that wouldn't be logical to look in. Also ran nmap from another machine.
I couldn't provide the info everyone was looking for cause I just couldn't find it.
I do thank everyone for their time. I search and read here quite a bit, so I rarely need to ask, most everything I need has been asked and answered already.
This was one of the times I just couldn't find an answer anywhere.
Thanks again for your time and patience.
I guess pretty much the reason I couldn't figure it out, or find anything at all, was because there was nothing to find.
Originally posted by Capt_Caveman LOL. As bizarre as that is, I've actually had something similar happen with a cordless mouse/keyboard combo. It happens more than you think.
BTW, read unSpawn's security post at the top of the forum or it's very likely that you will get hacked for real. In fact it would be pretty trivial, considering that you have X wide open:
6000/tcp open X11
If you need to run services, especially local ones, then restrict access using a firewall. Having quasi-vulnerable services like rpc, samba-shares, and lpd (printer) open to the world is really dangerous. So now that you know what it feels like to get hacked (without actually getting hacked), use that as your motivation to lock your box down or at least make it less of a target.
X isn't available to anyone who isn't behind my firewall/router. My router blocks access to everything but http and ftp.
Going to read the pinned topic now thanks.
Last edited by BruceCadieux; 09-29-2003 at 07:58 PM.
Originally posted by BruceCadieux X isn't available to anyone who isn't behind my firewall/router. My router blocks access to everything but http and ftp.
Going to read the pinned topic now thanks.
I guess that nmap output was from inside your LAN then. Cool. Sounds like you're ahead of the game already
Originally posted by Capt_Caveman I guess that nmap output was from inside your LAN then. Cool. Sounds like you're ahead of the game already
Absolutely the nmap scan was from inside my network. Scanning from outside on a neighbor's PC reveals nothing but my ftp and http.
I am certainly not an expert in security and I know I have a lot to read, but I always block everything, and always try to shut down things I think I will not need.
I am pressed for a little sleep time right now, so I downloaded Bastille Linux from one of the links provided here. I'm going to install it tonight and tinker with it some. I will delve into more security issues tomorrow.
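The inside-versus-outside nmap comparison discussed in this thread can be automated. The following is an added example, not posted by any participant: it parses nmap port-table lines in the `6000/tcp open X11` form and reports which of the services named above (X11, rpc, samba, lpd) are reachable from each vantage point. The port numbers are the conventional defaults, the "only ftp and http from outside" policy is taken from the poster's description, and both sample scans are constructed.

```python
import re

# Conventional TCP ports for the services named in the thread (assumed defaults).
RISKY_PORTS = {111: "rpcbind", 139: "samba", 445: "samba", 515: "lpd", 6000: "X11"}
# The poster's stated policy: only ftp and http reachable from outside.
ALLOWED_OUTSIDE = {21, 80}

PORT_LINE = re.compile(r"^(\d+)/tcp\s+(\S+)\s+(\S+)")

def open_ports(nmap_text):
    """Parse nmap port-table lines like '6000/tcp open X11' into {port: service}."""
    ports = {}
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(2) == "open":  # ignore closed/filtered states
            ports[int(m.group(1))] = m.group(3)
    return ports

def compare_scans(inside_text, outside_text):
    """Classify risky services by where they are reachable from."""
    inside, outside = open_ports(inside_text), open_ports(outside_text)
    return {
        "risky_from_internet": sorted(p for p in outside if p in RISKY_PORTS),
        "risky_lan_only": sorted(p for p in inside
                                 if p in RISKY_PORTS and p not in outside),
        "policy_violations": sorted(p for p in outside if p not in ALLOWED_OUTSIDE),
    }

# Constructed sample scans (illustrative; not output posted in the thread).
INSIDE_SCAN = """\
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
515/tcp  open  printer
6000/tcp open  X11
"""
OUTSIDE_SCAN = """\
PORT     STATE    SERVICE
21/tcp   open     ftp
80/tcp   open     http
6000/tcp filtered X11
"""

if __name__ == "__main__":
    for name, ports in compare_scans(INSIDE_SCAN, OUTSIDE_SCAN).items():
        print(name, [(p, RISKY_PORTS.get(p, "allowed?")) for p in ports])
```

Anything listed under `risky_lan_only` is protected only by the router, so a host firewall on the box itself is what keeps it closed if the router rules ever change.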