On Thu, 9 Nov 2000, Fred Edmister wrote:

>             Thank you so much!  This helped tremendously!  The good news 
> is, I've not only found their IP address, traced them back to their ISP 
> (BEZEQINT.NET) and found that they did NOT do anything to the 
> system!!  (apparently he's been using his telnet account since this past 
> weekend... VERY weird... )  I've deleted the account, changed all the 
> passwords, and am working on the rest for security.

no worries - I know how it hurts to get hacked when you get hacked bad! :(

hmm... did you find that they didn't do anything by going through his
telnet history? as you said by the sounds of it they'd not be an overly
talented hacker - so it is quite probable that they didn't get in...

>          I have NO idea how they got in.  I *DO* know that for a "hacker" 
> they are not very "good" (knock on wood) because 1) hackers generally don't 
> crash a system BEFORE they cover their tracks, and 2) they also generally 
> never return to the same place twice unless it is a personal 
> vendetta.  This person's ISP was traced back to Israel, and I don't know 
> anyone there, and I'm a very small WSP in Upstate NY, so I'm sure I haven't 
> gotten on anyone's bad side from there!  LOL I have the log saved with his 
> IP's, and login times and dates for the last couple days.

probably not much more you can do to get anything done to stop them - but
I would report the incident to cert in israel and cert in the US - while
sending a message to the intruder's ISP letting them know that they broke
in - what time the person was logged in and forward any log files - that
way the ISP can follow up on their acceptable use policy and probably
cancel their account - although maybe that would just make them angrier &
have a reason to come back and get you when they "grow up" in hacker
skills...:P

>          Lastly, you mention using a secure telnet.... At the risk of 
> sounding stupid (I never admitted to being a Linux Guru!  LOL)  What can I 

hey - I'm not a guru either - far from it - I ask loads of silly questions
on this list all the time - but I'm learning every day! even after
playing this sysadmin game for five years in a casual sort of way :)

as far as telnet goes - disable it... also disable ftp server unless you
really need it and know you have set it up right - read howtos on securing
stuff... check security web sites - go to ask jeeves and say "how can I
improve the security of my redhat linux server?"

check http://xforce.iss.net/ for info on security vulnerabilities and
exploits and how to protect yourself. 

check at the redhat errata page to make sure you have the most up to date
versions of all packages you have installed...

as far as secure telnet - well - it's not quite telnet - it's SSH - the
package you need is OpenSSH - and if you look through the list archives
there should be plenty on how to set that up... should only take you a
couple of hours to get it going and get yourself familiar with it... there
are RPMs on the redhat 6.2 (and 7 I assume) cd

I'd take this opportunity to thank the powers that be for this little
scare and do a bit of reading on securing your server before you fall prey
to a more experienced... or more malicious / careless hacker...

one more fun security site is... uhm - damn - don't have my bookmarks
handy 'cos I'm not at my computer... maybe someone else can help...

oh yeah - do a net search for bastille linux or something like that -
bastille should help you tighten security... but be ready to spend a day
learning about all this fun stuff... it's worth it! :)

good luck...

- dan.
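A small audit script for the "disable telnet and ftp" advice in the reply above. This is an added example, not code from either message on the thread; the inetd.conf lines are constructed sample input, the list of services treated as cleartext is an assumption, and it targets the classic inetd.conf format of Red Hat 6.2 (Red Hat 7 moved these to /etc/xinetd.d/).

```shell
#!/bin/sh
# Added example: report cleartext login/file-transfer services still
# enabled in an inetd.conf-style file (format assumed from Red Hat 6.2).

# Constructed sample inetd.conf: ftp and telnet enabled, rsh/rlogin commented out.
SAMPLE_INETD_CONF='# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
#login  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd'

# Read an inetd.conf on stdin and print each enabled cleartext service
# (assumed list: telnet, ftp, and the r-services), one per line.
enabled_cleartext_services() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $1 == "telnet" || $1 == "ftp" || $1 == "shell" ||
        $1 == "login"  || $1 == "exec" { print $1 }
    '
}

# Read an inetd.conf on stdin; return 0 if clean, 1 if anything was found,
# and print the offending service names so they can be commented out.
audit_inetd_conf() {
    found=$(enabled_cleartext_services)
    if [ -n "$found" ]; then
        echo "Enabled cleartext services (comment these out, then restart inetd):"
        echo "$found" | sed 's/^/  /'
        return 1
    fi
    echo "No cleartext login/file-transfer services enabled."
    return 0
}

# Run the audit over the constructed sample (non-zero status is expected here).
echo "$SAMPLE_INETD_CONF" | audit_inetd_conf || :
```

On a real box, replace the sample with `audit_inetd_conf < /etc/inetd.conf`; once telnet and ftp are commented out, `kill -HUP` the inetd process so it rereads the file.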



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
