LinuxQuestions.org
Old 01-16-2005, 08:00 PM   #16
karlovac
LQ Newbie
 
Registered: Mar 2004
Posts: 25

Original Poster
Rep: Reputation: 15

Quote:
Was there actually a user named 'admin11' before, as creating a user would require root privileges?
Yes - I have Ensim installed on this box, and admin11 is one of the users it creates when you create a new site.

-Antun
 
Old 01-17-2005, 02:19 AM   #17
TMH
Member
 
Registered: Nov 2004
Location: UK
Distribution: Gentoo
Posts: 61

Rep: Reputation: 15
If that's the case, it's possible that someone's compromised Ensim. Maybe it would be worth checking their site to see if there are any known vulnerabilities in the version you are running.
 
Old 04-02-2005, 10:18 AM   #18
yozzy
LQ Newbie
 
Registered: Apr 2005
Posts: 1

Rep: Reputation: 0
Advice

Sorry, I couldn't read all the posts, so if someone already said this, I am sorry in advance.

What you are talking about looks like (linux.rst.b)

Or a variant of the virus

If this is the case, I advise you to do a full OS REINSTALL

I am by no means an expert, I just know a FEW things I am willing to share with you guys.

What I am saying here should help you identify if this is the case!

The virus, when running, sends out a HELL LOT of mail, tries to access a remote page so that the guy can record your IP address and post it to http://www.zone-h.com/ (the former lost their DB a while ago, good news for the people who got hacked before)

It could say anything by the way, from zetha team to CoDz InferNo. It attempts to write an index.html file to all web directories, and it also attempts to delete all files in those dirs, so if you have directories with 0777 (CHMOD) (recursively 0777), well, you lost those

How did you pick it up?

There are security problems with MS FRONTPAGE EXTENSIONS; if you chmod that to WRITABLE BY ALL, well, anyone can ride your website like an open highway (Joy-ride, spam-ride or revenge-ride, sometimes even competitor-ride)

Bogus scripts, what more do I need to say? Well, if people think PHPBB is bogus, I tell you it is the SAFEST BB if you keep it up to date; all the security talk about it is because it has been put to the test 10000x other boards. I personally find holes in other BBs all the time, never find the time to check where I can post them.

Happy patched? Think again. You are running Ensim; you need the patches for both LINUX and ENSIM. If you do not run up2date a lot, expect it to happen again and again

When running an important website along with others, install 2 instances of Apache (or whatever you are using) and make the second install run under a different user and a different group, then CHMOD to make each file none of the other server's business (when you need to have a writable chmod)

I could go on forever. I hope you get the moral of the post: you are never very secure, so it is hard to get away with it without going by the book!

Yours
YOZZY
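The 0777 web directories and rewritten index.html files described in the post above can be checked for with a short audit. This is an added example, not part of the original post; the function names, the web-root argument and the two-day default window are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for world-writable
# paths and recently rewritten index.html files. Function names and the
# default two-day window are assumptions chosen for illustration.

# Directories writable by "other" (0777 and similar). -xdev stays on one
# filesystem; find does not follow symlinks by default.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print 2>/dev/null | sort
}

# Regular files writable by "other".
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# index.html files modified within the last N days (default 2). Many hits
# across unrelated sites at once suggest a mass overwrite.
recent_index_files() {
    find "$1" -xdev -type f -name 'index.html' -mtime "-${2:-2}" -print 2>/dev/null | sort
}

# Print one labelled line per finding.
# Returns 0 if clean, 1 if anything was found, 2 on a bad argument.
audit_webroot() {
    root=$1
    days=${2:-2}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    report=$(
        world_writable_dirs "$root"        | sed 's/^/WORLD-WRITABLE-DIR  /'
        world_writable_files "$root"       | sed 's/^/WORLD-WRITABLE-FILE /'
        recent_index_files "$root" "$days" | sed 's/^/RECENT-INDEX        /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run only when a web root is given on the command line,
# e.g. sh audit.sh /path/to/webroot 7
if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
fi
```

A RECENT-INDEX hit on its own is only a lead, since legitimate edits also change the modification time; compare flagged files against a known-good copy.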
 
  

