Old 07-29-2004, 06:53 AM   #1
LQ Newbie
Registered: Jul 2004
Posts: 1

Rep: Reputation: 0
Help! I've been hacked

Can anyone help me?

I'm hosting a website and I use e-smith (now known as SME Server) 4.1.1 (I also tried 4.1.2, 5.0, 5.1.2, 5.6) since 2000, I think. It worked fine until the other day, when I noticed it was down. OK! I rebooted the machine, and when it gets to "Finding module dependencies" it freezes.
Got to save my data and reinstall.
It worked for about two days and I've noticed some commands in .bash_history. I am the only one who knows the root password. I also found a .bash_history in / and some files (suckit and psybnc) meticulously hidden in /usr/somewhere...

Can anyone tell me how the h*** this kid (I think) got in?
How can I shut his door (whatever that is)?
Can he gain access through SMTP?
Anyone care to look at my logs? If yes:

Thank You.
Old 07-29-2004, 07:11 AM   #2
Senior Member
Registered: May 2004
Location: Leipzig/Germany
Distribution: Arch
Posts: 1,687

Rep: Reputation: 54
...about knowing if and how someone got in and what they did: the logfiles could help - but if you were broken into by someone who really knew what he/she was doing, these may have been forged / cleaned of evidence.
I'd update the distribution you are using - preferably first saving important data and then reinstalling from the ground up - if you do not know how they came in and what exactly they did, this is the safest thing to do.
Then get a firewall running - it's included in the kernel, and information on how to set it up you can find through Google and in your docs...
Then get familiar with tripwire - install it and check _regularly_ against the data it produced when it was running over your _clean_ system.
Close all services your machine may be offering to the outside, except those you will need to provide the services you want to provide - and know about setting up these services safely before you expose your system to the internet.
There are websites like which you can use to test your machine/firewall.
Check regularly for needed security updates of programs you run on your machine.


Last edited by jomen; 07-29-2004 at 07:14 AM.
Old 07-29-2004, 07:20 AM   #3
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 378
you're gonna have to re-install from scratch...

but this time make sure your firewall is tight, and all your packages are updated before you go online... you'll also obviously wanna review your configurations and methodologies... for example, using harder passwords, etc...

if you wanna check your system for more damage before you re-install, run rootkit hunter:

one thing you wanna make sure is that you don't allow root logins via ssh (common mistake)...

you do that with a PermitRootLogin no in your /etc/ssh/sshd_config

Last edited by win32sux; 07-29-2004 at 07:23 AM.
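
An added example, not part of the post above: a shell check of whether the PermitRootLogin no line mentioned there is the value sshd would really use, since sshd keeps the first value it reads for a keyword and a Match block can override the global setting. The function names and the three sample configs are constructed for illustration; Include files and quoted arguments are not handled.

```shell
# Added example, not from the thread. sshd keeps the FIRST value it reads for a
# keyword, keywords are case-insensitive, and Match blocks apply conditionally.

# scan FILE -> every active PermitRootLogin line as "scope:lineno:value"
scan() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        { sub(/=/, " "); key = tolower($1) }   # also accept Keyword=value
        key == "match" { scope = "match" }     # conditional from here on
        key == "permitrootlogin" { print scope ":" NR ":" $2 }
    ' "$1"
}

# effective_root_login FILE -> first global value, or "unset" if absent
effective_root_login() {
    v=$(scan "$1" | sed -n 's/^global:[0-9]*://p' | head -n 1)
    echo "${v:-unset}"
}

# match_block_overrides FILE -> "lineno:value" for lines inside Match blocks
match_block_overrides() { scan "$1" | sed -n 's/^match://p'; }

# root_login_disabled FILE -> true only if the global value is "no" and no
# Match block sets anything else
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ] || return 1
    ! match_block_overrides "$1" | grep -qv ':no$'
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Constructed sample 1: "no" appended at the end, but the earlier "yes" wins.
cat > "$tmp/appended" <<'EOF'
Port 22
permitrootlogin yes
#PermitRootLogin no
PermitRootLogin no
EOF
# Constructed sample 2: global "no", re-enabled for one address by a Match block.
cat > "$tmp/match" <<'EOF'
PermitRootLogin no
Match Address 192.0.2.10
    PermitRootLogin yes
EOF
# Constructed sample 3: the setting as the post intends it.
printf 'Port 22\nPermitRootLogin no\n' > "$tmp/good"

for f in appended match good; do
    root_login_disabled "$tmp/$f" && verdict=ok || verdict=REVIEW
    echo "$f: global=$(effective_root_login "$tmp/$f") verdict=$verdict"
done
```

On a live host, sshd -T prints the configuration the daemon would actually apply and is the authoritative check.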
Old 07-29-2004, 07:24 AM   #4
Registered: Feb 2003
Location: San Antonio
Distribution: Suse 9.0 Professional
Posts: 843

Rep: Reputation: 30
Everything win32sux said, plus here is a useful tool...



All times are GMT -5.