Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Basicly i had a server and somebody hacked a pretty easy (yet important) ftp password. They gained access to my most important files and whipped out a few gigs of information.
I ran debugfs and lsdel to get a list of all the files that were erased. as you can see it started Sun May 16 19:06:46 2004.
the new problem is what do i do with all that. its on a different drive currently mounted as read only so ill be able to copy to another file system when i need. what im afraid is if i do "dump <inodenumber> filename" how will i be able to tell what files are what?
i guess when i think about it i can really live without most of the stuff i lost. except for the php cms i spent a week or two writting. if you have a suggestion then im all ears. thanks for any help.
1. It's called 'cracking'. 'Hacking' is programming creatively to solve a challenge.
2. Why was this password so weak, anyway?
3. That's the major problem with undeleting - you never know what the filename was. There really is no solution - you'll have to try to guess what it was by the contents.
well im not here to get into a debate over the definition of hacking. although dictionary.com does define it as " To use one's skill in computer programming to gain illegal or unauthorized access to a file or network: hacked into the company's intranet.".
if a program was a jpeg or lets say avi file. would they look any different. maybe i could wirte a script to check this out?
wow! thanks for the articles. thats the best information ive come across so far. that gui autospy tool looks like it could really help me out (and its included with that knoppix tool!).
ill probably use autos the autospy to try and recover the data. im thinking it just might be easier (and a good idea in the long run) to just download knoppix and get it with that. but how is loading the drives then? will it be using the /etc/fstab file of the comptuer it boots on?
oh also the autospy tutorail said it will give the filename of what was deleted. if thats the case then im really really really in luck.
Originally posted by sporkit well im not here to get into a debate over the definition of hacking. although dictionary.com does define it as " To use one's skill in computer programming to gain illegal or unauthorized access to a file or network: hacked into the company's intranet.".
this is the common misconception about "hackers" and "crackers"
Hackers DO NOT DESTROY peoples files, NOR do Hackers DEFACE WEBSITES!!!
Crackers and Scripts Kiddies are the LOWEST SCUM on the totem pole.............
You should go thru your files and make sure there is NO ROOTKIT
in there somewhere........
Originally posted by 320mb this is the common misconception about "hackers" and "crackers"
Hackers DO NOT DESTROY peoples files, NOR do Hackers DEFACE WEBSITES!!!
Crackers and Scripts Kiddies are the LOWEST SCUM on the totem pole.............
You should go thru your files and make sure there is NO ROOTKIT
in there somewhere........
well that sever will most definatly be whipped out and ill be starting over. ill also change the title of this post. why dont we just make up a new name for hacking... you know... like one that doesnt already mean the opposite of what were trying to say.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
The media co-opted the term "hacker" and consequently, the common idiot on the street has no idea what it really means. That's why dictionaries even have the wrong definition.
The original hackers were people like Steve Wozniak who built computers from scratch and wrote programming languages for them.
Crackers got their name from "cracking" registration codes or disabling copy protection in software, in order to "unlock" all the features of a shareware or demo program. That is of course illegal. Now crackers applies in a much broader sense to people who are "criminal hackers" (although that's the current mnemonic, that's not where the word came from). Criminal hackers are anyone who illegally modifies software and/or software, or intrudes into restricted systems (basically any system they don't own or legally work on).
1. Run chkrootkit and rkhunter to check for rootkits.
2. Don't use crackable passwords. (at least 8 characters long, numbers and letters)
3. Use a firewall (if you are not already).
There are a lot more suggestions I can give, but they are mostly for securing web servers.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
