Ryan Wright
Screenwriter
Joined: Jul 30, 2000 | Messages: 1,875
I recall not too long ago, a few members here were setting up Linux for the first time. Well, I've got a little advice: Do yourself a favor and don't rely on the default configuration for any length of time.
As some of you know, I lost the system drive in my server a few weeks ago and had to reinstall everything. I put in a stock Red Hat setup, added a few services I needed, and left it at that. I figured I'd have plenty of time to lock things down later. After all, it's not as if I run a major server with tons of traffic.
Well, I screwed up. The server hasn't even been online for 3 weeks and I was hacked Friday morning around 4:00 am. Some little shit exploited FTP (which I should have closed down, as I never use it). He attempted to lock me out of my own server by shutting down local ttys (so I cannot log in from the console), shutting down sshd, and restricting access to everything else to the new accounts he had created for himself. He also installed software to capture my password the next time I logged in and save it to a file, so he could presumably come back and get it.
Lucky for me, he was just another script kiddie and didn't exactly know what he was doing. He didn't cover any of his tracks (I traced him right back to his server; unfortunately, he is a customer of an ISP in another country and none of them speak English, and besides, I can't go after them legally, so I'm pretty much SOL). He (or someone) had been monitoring my server for about a week.
He did manage to make off with some of my files. I don't know which ones or how many, but he established an FTP connection to an account on geocities while he was hacked into my server, presumably to send files to himself. With my 1Mbps connection, he could pretty much take whatever he wanted. Thankfully, anything of importance is behind Windows 2000 domain security and he was unable to touch it.
The bad news is, I've got to reformat my hard drive and reinstall everything from scratch. I'm putting up a stronger firewall on a separate machine now, so this can't happen again.
Anyway, I just wanted to share my misfortune, and warn the rest of you. If you've installed Linux from scratch and haven't done much else with it, beware. Especially if you've got a dedicated, high-speed connection.
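A post-install sanity check in the spirit of this warning, added here as an example and not part of the original post: it flags UID-0 or passwordless accounts in a passwd file (the kind of extra account described above) and lists inetd services left enabled that are not on an allowlist (such as the FTP service the poster never used). The passwd and inetd.conf contents are constructed samples; the account name "toor" and the service names are assumptions, not values from the post.

```shell
#!/bin/sh
# Post-install check: look for accounts an intruder may have added and for
# network services enabled by default that the owner does not actually use.

# Print accounts in a passwd-format file that have UID 0 but are not "root",
# and accounts whose password field is empty.
suspicious_accounts() {
    awk -F: '
        $3 == 0 && $1 != "root" { print $1 " (uid 0)" }
        $2 == ""                { print $1 " (empty password)" }
    ' "$1"
}

# Print services enabled in an inetd.conf-style file (first field of each
# non-comment line) that are not in the space-separated allowlist in $2.
unwanted_inetd_services() {
    conf=$1; allow=" $2 "
    grep -v '^[[:space:]]*#' "$conf" | awk 'NF { print $1 }' | while read -r svc; do
        case "$allow" in
            *" $svc "*) ;;          # allowed, say nothing
            *) echo "$svc" ;;       # enabled but not wanted
        esac
    done
}

# Write constructed sample files (stand-ins for /etc/passwd and
# /etc/inetd.conf) into the directory given as $1.
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:
ryan:x:500:500::/home/ryan:/bin/bash
toor::0:0::/:/bin/sh
EOF
    cat > "$1/inetd.conf" <<'EOF'
# constructed inetd.conf sample
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

# Stand-alone demo: run both checks against the constructed samples.
demo() {
    d=$(mktemp -d)
    write_sample_files "$d"
    echo "Suspicious accounts:"; suspicious_accounts "$d/passwd"
    echo "Unwanted services:";   unwanted_inetd_services "$d/inetd.conf" "ssh"
    rm -rf "$d"
}
```

Run `demo` to see the report; point the two check functions at the real `/etc/passwd` and `/etc/inetd.conf` (or the per-service files under `/etc/xinetd.d`, adapted accordingly) to audit an actual box.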