LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-29-2005, 02:11 PM   #1
jdraper
LQ Newbie
 
Registered: Jun 2005
Posts: 6

Rep: Reputation: 0
password failure RH9 - hacked?


My RH9 Linux box serves up web pages with Apache. As such it gets attacked all day long (mostly from Russia, Korea, China, etc.). I always wonder if someone will penetrate my password system but I have super cryptic passwords.

Yesterday non of my passwords worked including root. This has happened before. A boot fixes the problem but I am sure that something is askew. I checked many logs and nothing shows there is no evidence of an intruder.

Anyone seen this?

Jerry
 
Old 06-29-2005, 02:47 PM   #2
gnukish
Member
 
Registered: Apr 2005
Location: Neverland
Distribution: Slackware / Ubuntu
Posts: 171

Rep: Reputation: 30
You can try using a boot loader password to prevent such happenings.
You can also, try changing the passwords frequently to anything that might not be used in any of ur other a/c like bank/ebay/paypal etc. These are just general measures, not particularly aimed at linux ...

Regards

Last edited by gnukish; 06-29-2005 at 02:57 PM.
 
Old 06-29-2005, 02:49 PM   #3
69_rs_ss
Member
 
Registered: Jan 2004
Location: NY, USA
Distribution: Arch, openSUSE 11.1
Posts: 170

Rep: Reputation: 31
I'd suggest booting from trusted media such as a live cd and run rkhunter or another equivalent and see if there are any root kits present.
 
Old 06-29-2005, 02:53 PM   #4
gnukish
Member
 
Registered: Apr 2005
Location: Neverland
Distribution: Slackware / Ubuntu
Posts: 171

Rep: Reputation: 30
rootkits , in linux don't seem to be the biggest threat. It can perhaps be a hardware keylogger or a kernel level keylogger. You must also check for rootkits, as they should not be given best and the least importance, its one of the tools, which hackers use often on nt,xp or any os.

Your kernel version and build, also matters because kernel 2.4.x can be backdoored. Refer google, or packetstorm security archive.

Regards

Last edited by gnukish; 06-29-2005 at 02:55 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
su root: authentication failure (password correct) scs_24 Linux - Newbie 3 12-12-2009 02:07 AM
Mandrake 10.1 PPC Password failure johnnyLongside Mandriva 2 01-02-2005 07:23 PM
Samba - Win workstation, Linux Fileserver, password failure cornellS Linux - Networking 12 02-05-2004 08:20 PM
ssh password failure (sometimes) zergio Linux - Security 9 12-10-2003 09:21 PM
help! ssh password being denied for ALL acccounts (hacked?) JustinHoMi Linux - Security 4 05-26-2002 06:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration