yeah, it happened to me years ago, on a redhat 6.1 system using wu-ftp...

ended up with 10 users I didn't put there, and they deleted the login stuff,
so I couldn't even log in... and there were a lot of bitchx sessions happening
on the box..

It had even been used as an IRC server....

I learned my lesson in a big way.

I've been paranoid ever since....



rgds

Frank

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:expert-owner@linux-mandrake.com] On Behalf Of Vincent Danen
Sent: Friday, 1 November 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Ive been hacked!



On Thursday, October 31, 2002, at 01:26 PM, Bill Beauchemin wrote:

> I was running a much older version of apache and openssl that I thought
> were ok but nooooooooo I guess this hack works with even the old stuff.
> I also didn't think somebody would be interested in my little private
> home email and web server. Oh well I learned my lesson. Now I gots to go
> and get the apache, openssl, and the modssl patches.

A few tips.  First, the updates are there to fix problems in older
versions.  Chances are, if there is an update for it, it's because you
*need* it.  We don't make updates just for kicks, and we don't provide
updates for software that isn't vulnerable.  IIRC, if you were running
apache 1.0, you would need the update.

Secondly, your private home email/web server is a preferred target.
Why?  Because of exactly your thinking.  "No one will be interested in
it".  It is much easier to hack into someone's machine with a
laxidazy(sp?) attitude towards security.  It also helps to hide the
trail.  If someone can hack into your machine, and then use it as a
springboard to the machine they *really* want, the better for them.  To
the end victim, it looks like the attack is coming from you, which it
is.  That means they will attempt to deal with *you*, rather than the
real perpetrator.  To that end, yes, it's more appealing to someone
wanting to break into amazon.com, to break into your machine first.  Or
four machines, similar to yours, springboarding from one machine to the
next, hiding their trail, until the end of the line machine (after
having accomplished four hops or so) is used to attack the real target.

The short and long of it is:  Never *ever* assume you will not be a
target.  They may not be interested in your data, but they may be
interested in your connection, CPU, etc.  And update update *update*!
Updates are done for your benefit, not ours.

I know it sucks to have this happen to you, but hopefully this will
serve as a lesson both to yourself and many other people who have had
the same attitude as you.  =)

--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx - source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}


