Linux security: A warning

Discussion in 'Archived Threads 2001-2004' started by Ryan Wright, Dec 8, 2001.

  1. Ryan Wright

    Ryan Wright Screenwriter

    Joined:
    Jul 30, 2000
    Messages:
    1,875
    Likes Received:
    0
    I recall not too long ago, a few members here were setting up Linux for the first time. Well, I've got a little advice: Do yourself a favor and don't rely on the default configuration for any length of time.

    As some of you know, I lost the system drive in my server a few weeks ago and had to reinstall everything. I put in a stock Red Hat setup, added a few services I needed, and left it at that. I figured I'd have plenty of time to lock things down later. After all, it's not as if I run a major server with tons of traffic.

    Well, I screwed up. The server hasn't even been online for 3 weeks and I was hacked Friday morning around 4:00 am. Some little shit exploited FTP (which I should have closed down, as I never use). He attempted to lock me out of my own server by shutting down local ttys (so I cannot login from the console), shutting down sshd, and restricting access to everything else to the new accounts he had created for himself. He also installed software to capture my password the next time I logged in and save it to a file, so he could presumably come back and get it.

    Lucky for me, he was just another script kiddie and didn't exactly know what he was doing. He didn't cover any of his tracks (I traced him right back to his server; unfortunately, he is a customer of an ISP in another country and none of them speak English, and besides, I can't go after them legally, so I'm pretty much SOL). He (or someone) had been monitoring my server for about a week.

    He did manage to make off with some of my files. I don't know which ones or how many, but he established an FTP connection to an account on geocities while he was hacked into my server, presumably to send files to himself. With my 1Mbps connection, he could pretty much take whatever he wanted. Thankfully, anything of importance is behind Windows 2000 domain security and he was unable to touch it.

    The bad news is, I've got to reformat my hard drive and reinstall everything from scratch. I'm putting up a stronger firewall on a separate machine now, so this can't happen again.

    Anyway, I just wanted to share my misfortune, and warn the rest of you. If you've installed Linux from scratch and haven't done much else with it, beware. Especially if you've got a dedicated, high speed connection.
     
  2. Joseph S

    Joseph S Cinematographer

    Joined:
    Dec 23, 1999
    Messages:
    2,862
    Likes Received:
    0
     
  3. Ryan Wright

    Ryan Wright Screenwriter

    Joined:
    Jul 30, 2000
    Messages:
    1,875
    Likes Received:
    0
     
  4. Darren Davis

    Darren Davis Stunt Coordinator

    Joined:
    Oct 9, 2001
    Messages:
    248
    Likes Received:
    0
    were you using any security progs to monitor people scanning you, etc.? That stinks, though. I know you shouldn't retaliate b/c that's just stooping to his level but...bah, make his life hell. I think he deserves it!
     
  5. DaveF

    DaveF Moderator
    Moderator

    Joined:
    Mar 4, 2001
    Messages:
    17,636
    Likes Received:
    1,436
    Location:
    One Loudoun, Ashburn, VA
    Real Name:
    David Fischer
    I just can't fathom these pointless, petty acts of vandalism. No offense Ryan, but you're just some random joe-schmoe with a nice little homesite. Why in the world would some punk want to hack your server; much less why would that be "cool" given you're nobody to them?
    Now, perhaps you actually do have super-secret stealth technology documents at home; in that case I can see why.
    These kids need a serious butt-kicking. It's the sort of thing that makes normally sensible people want to go and hack them, steal their credit cards, and generally say, "How do ya like them apples!"
    Ok, too much sugar in my hot chocolate. Back to the lab for me.
     
  6. Kevin P

    Kevin P Screenwriter

    Joined:
    Jan 18, 1999
    Messages:
    1,439
    Likes Received:
    0
     
  7. Bill Catherall

    Bill Catherall Screenwriter

    Joined:
    Aug 1, 1997
    Messages:
    1,560
    Likes Received:
    0
    Thanks for the heads up, Ryan. I'm one of the ones who recently installed Linux. I usually use Win98 though (I've got it set up for dual boot). But when I do run Linux I'm using the default built-in firewall. I've disabled every port. It's set up just to let me surf the web right now. I set it that way just after installing it. Should that be safe enough?
     
  8. Rob_J

    Rob_J Stunt Coordinator

    Joined:
    Aug 4, 2001
    Messages:
    136
    Likes Received:
    0
    I was running a Linux server for a while... no troubles at all. I used a default install and did not worry about closing down too many ports (just the ones I knew I would never use). Then, one day out of the blue, things stopped working. My computer gradually died by means of missing and corrupted files and the like. I had not touched the machine in months and it just stopped working. When I finally was able to look at the logs, someone had hacked me through ftpd. It was too much work to fix everything that was messed up, so I had to reinstall. There were no problems with the disk either, so that ruled out a hardware failure. I must agree, these attacks are really annoying!
     
  9. Ryan Wright

    Ryan Wright Screenwriter

    Joined:
    Jul 30, 2000
    Messages:
    1,875
    Likes Received:
    0
     
  10. Kevin P

    Kevin P Screenwriter

    Joined:
    Jan 18, 1999
    Messages:
    1,439
    Likes Received:
    0
    I had a little scare this morning with my Linux box. It is connected to a switcher so I can access all my machines through one keyboard/mouse/monitor, and this morning I figured I'd log in and check on some things before leaving for work. So I switched over to the Linux box and tried to log in, and nothing. The screen was blank--it was getting a signal, but no text. The keyboard wasn't responding. At first I thought the machine was frozen, but I did see the hard drive light flicker. I was thinking, "dang, I've been hacked." I fired up my Windows machine and was able to Telnet into the Linux box successfully, and I shut it down, powered it off, and powered it back on--at this point I was thinking a video problem. The POST reported a keyboard error. I looked behind the switch box, and oops! The keyboard cable had come loose. I plugged it back in and was up and running again.
    In this case I wasn't hacked, I just had a little "DUH" moment.
    KJP
     
  11. Samuel Des

    Samuel Des Supporting Actor

    Joined:
    Feb 7, 2001
    Messages:
    796
    Likes Received:
    0
    I was really sorry to hear about your troubles! Why do people do this crap? What is the point? I'm sure there are some computer whiz points or something involved, but man, what a waste of time.
    I read these stories here, and I sometimes worry about surfing at home. I used to think that those firewall programs for guys like me were pointless. But maybe not.
    But I'm glad to hear you're back up and running!
     
  12. Ryan Wright

    Ryan Wright Screenwriter

    Joined:
    Jul 30, 2000
    Messages:
    1,875
    Likes Received:
    0
     