How to Get on the security update notification list?

2001-03-28 Thread Steve Rudd

Hi!

How do you get on the security update notification list?

I thought I had joined, but noticed several updates that I wasn't notified 
about.

Thanks!

Steve






Interpreting error logs??? (source Quench)

2001-03-04 Thread Steve Rudd

Interpreting error logs:

I get all kinds of unusual error messages in my log like this one:

Sun Mar 4 13:17:59 source quench from 216-146-142-4.bwn.net [216.146.142.4]

What is a "source Quench"? And should I be concerned about it?

Where can I go to read about all the error messages in the log file?

Thanks!
Steve Rudd






Re: publish a user & passwd: $1000 hack reward!

2001-02-23 Thread Steve Rudd

Peter Cords said:

>If you allow execution of
>CGI programs from public_html, then users will be able to execute code
>(probably under their UID).  Then you have to secure your machine against
>local exploits.  Obviously, you should do this anyway, but if crackers can
>run arbitrary code (as a non-privileged user), then you will have to act
>really fast to stop yourself from getting cracked whenever a new local
>exploit is discovered.
>
>  Note that if you allow execution of arbitrary CGI programs, the CGI program
>could do anything, including start a shell listening on a TCP port, or even
>sshd, for someone to connect to.  Allowing arbitrary CGI is equivalent to
>giving public shell access.

I have several cgi-scripts on the site. One is a database program open to 
public searching of information. Is any cgi-script at risk if it is in the 
cgi-bin?

Steve






publish a user & passwd: $1000 hack reward!

2001-02-23 Thread Steve Rudd

Hi! Steve Rudd with more "disconsolate mumbling" (great term)

So if I did publish a user name and password (not that I would) that had 
pop 3 and ftp access with no shell access and was restricted to public html 
directories, is that a risk to the rest of the system? A standard public 
box has hundreds of public users and passwords, so there is really very 
little difference between the $1000 contest of publishing the user name and 
passwd and not.

Is this not secure?

Steve

> > On Thu, 22 Feb 2001 13:43:55 -0500, Steve Rudd mumbled disconsolately:
> >
> > >  Why I could even post them on my root page and taunt
> > >  hackers to try and break in with them! I could even offer a 1000 prize for
> > >  anyone who can crack and hack their way in!
> >
> > "Pride goeth before destruction, and an haughty spirit before a fall."
> >
> > Proverbs xvi. 18.
> >
>hehheh, LinuxPPC did this awhile ago, set up a contest to crack their
>default installation.  Anyone who did so would get the box (a beige
>Apple G3). Debian now has a beige Apple G3 serving as a build daemon (I
>think it's still a buildd) thanks to drow ;-)






Separate telnet/email & ssh users???

2001-02-22 Thread Steve Rudd

Hi!

I tore down my redhat box and installed debian about 3 days ago. I decided 
to use separate users and passwd for each telnet and email.

User#1: standard unsecure telnet cuteftp and Eudora.
User#1 has no shell access and is restricted to public "html" files 
directories.

User#2: CRTssh program
User#2: ssh shell access, but not "su".

The idea is that until eudora and cuteftp come out with their new "ssh" 
secure versions in a few months, the user names and passwords of user#1 are 
not a security risk. Why I could even post them on my root page and taunt 
hackers to try and break in with them! I could even offer a 1000 prize for 
anyone who can crack and hack their way in!  (I saw that done at another 
site... real neat!)

What do you think?

Steve






Mac most secure servers?

2001-02-22 Thread Steve Rudd

I have been told by a "Mac-head" that the Mac is the most secure server and 
that it is significantly more secure than any unix system, including Linux.

Any comments?







how secure is mail and ftp and netscape/IE???

2001-02-22 Thread Steve Rudd

Hello! Steve here,

Well I am one of the family now! My server is Debian 2.2r2. A benign hacker 
got me. All he seemed to do was overwrite my root index.html page and 
notify the "hackers watchdog" group to take responsibility for the act!

I have some security questions:

1. How secure is it checking email with eudora pro, given they have not yet 
got ssh or any other system that is secure? Since outlook has ssh, is it 
worth switching for that? I use a separate user and password for mail and ftp.

2. Cute ftp is not secure yet, but should be soon.

3. Using netscape to port to private sections of the website:

www.abc.com:1020/systemconfig/index.html

(for example)

I am asked for a user name and password via netscape/IE

===

Ok all these things are really transmitting my user name and password via 
plain text with no encryption. If I have sudo installed and a sniffer comes 
along, they have root access very easily!

Should I be concerned about using email, ftp and IE ?

Steve






how secure is mail and ftp and netscape/IE???

2001-02-21 Thread Steve Rudd

Hello! Steve here,

Well I am one of the family now

My server is Debian 2.2r2. A benign hacker
got me. All he seemed to do was overwrite my root index.html page and
notify the "hackers watchdog" group to take responsibility for the act!

I have some security questions:

1. How secure is it checking email with eudora pro, given they have not yet
got ssh or any other system that is secure? Since outlook has ssh, is it
worth switching for that? I use a separate user and password for mail and ftp.

2. Cute ftp is not secure yet, but should be soon.

3. Using netscape to port to private sections of the website:

www.abc.com:1020/systemconfig/index.html

(for example)

I am asked for a user name and password via netscape/IE

===

Ok all these things are really transmitting my user name and password via
plain text with no encryption. If I have sudo installed and a sniffer comes
along, they have root access very easily!

Should I be concerned about using email, ftp and IE ?

Steve



-END OF RETURNED MAIL






Hacked on Redhat 7

2001-02-20 Thread Steve Rudd

Daniel Stark asked:

At 01:53 PM 2/20/01 -0800, you wrote:
>How exactly did you get hacked?  Did you leave security holes large 
>enough for a bus to drive through open?  Open your inetd.conf file and # 
>out everything!  The only thing you need open is port 22.  Others will 
>disagree, but depending on what your server is used for, this should be 
>your first step for security.

Steve here,

Several have voiced an interest in the hack. Well here is a guess and some 
facts:

THE HACK:
For those interested in the hack, I think it was the "Dameon worm" but 
could not find any evidence of the trace files on my system. Here is what 
happened:

1. I get a letter from "[EMAIL PROTECTED]"  saying: "Urgent! Security 
incident on your machine! Attrition.org is a non-profit, hobby web site 
that monitors
computer crime on the internet. In the past few minutes, we
have been notified that your domain was hacked, and your web
page defaced. This means that the intruder has edited your
web page in some way. Due to this, it is quite likely that
one or all of the machines on your network are compromised.
You may wish to take immediate action to correct this problem
and respond to the intrusion."

2. I noticed my clock went forward maybe a day and had to reset it via 
"date" command.

3. I notice a single page was changed: "index.html"

Here is the code from that page:

   NS_ActualOpen=window.open;
   function NS_NullWindow(){this.window;}
   function NS_NewOpen(url,nam,atr){return(new NS_NullWindow());}
   window.open=NS_NewOpen;

..:: Quit Crew ::..

http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0"
 ID=devil WIDTH=731 HEIGHT=562>

=
end code

4. I have noticed nothing other than these changes.

So there you have it. I didn't even ever get to see what the flash was all 
about it just loaded forever without anything. You know for all my trouble, 
I should have at least got some free artwork!

Steve






Realserver 8 & Webinator on Debian

2001-02-19 Thread Steve Rudd

Steve here,

I want to install "Real Basic Server 8" and "Webinator" search program on 
the latest version of Debian 2.2r2.

1. Will they install or are they not compatible? For example, while 
Webinator would work with Redhat 7, Realserver 8 would not. (But Real 
Server 7 did install on Redhat 6)

2. Do these programs pose any security risk? For example, Realserver uses 
several port addresses for administration.

Steve






How I got hacked last week: Redhat 7

2001-02-19 Thread Steve Rudd

Steve here,

Several have voiced an interest in the hack. Well here is a guess and some 
facts:

THE HACK:
For those interested in the hack, I think it was the "Dameon worm" but 
could not find any evidence of the trace files on my system. Here is what 
happened:

1. I get a letter from "[EMAIL PROTECTED]"  saying: "Urgent! Security 
incident on your machine! Attrition.org is a non-profit, hobby web site 
that monitors
computer crime on the internet. In the past few minutes, we
have been notified that your domain was hacked, and your web
page defaced. This means that the intruder has edited your
web page in some way. Due to this, it is quite likely that
one or all of the machines on your network are compromised.
You may wish to take immediate action to correct this problem
and respond to the intrusion."

2. I noticed my clock went forward maybe a day and had to reset it via 
"date" command.

3. I notice a single page was changed: "index.html"

Here is the code from that page:

   NS_ActualOpen=window.open;
   function NS_NullWindow(){this.window;}
   function NS_NewOpen(url,nam,atr){return(new NS_NullWindow());}
   window.open=NS_NewOpen;

..:: Quit Crew ::..

http://active.macromedia.com/flash2/cabs/swflash.cab#version=4,0,0,0"
 ID=devil WIDTH=731 HEIGHT=562>

=
end code

4. I have noticed nothing other than these changes.

So there you have it. I didn't even ever get to see what the flash was all 
about it just loaded forever without anything. You know for all my trouble, 
I should have at least got some free artwork!

Steve






Re: Debian or Redhat 7???

2001-02-19 Thread Steve Rudd

Steve here,

Well first, I repent of calling Linux 7: Redhat 7. Yes I am new. I have 
been maintaining my own box from a su level for about 3 months. That is why 
I was calling in an expert to install Debian tomorrow. It has become quite 
obvious to me that I am way over my head in trying to get my server secure.

But I would also like to say that I was humbled by the sheer volume of 
caring replies. I want to say that I have taken note of all of them and 
thank you.

My personal/superficial conclusions to my own questions based upon your 
replies is that Debian (as a software package) is a little more secure (for 
a variety of reasons), than Redhat 7. But the biggest factor is me getting 
pro help by someone who knows what he is doing. Done!

There is one primary reason why I would have chosen Debian over Redhat in 
the first place. The auto-update feature. I was on line for the Redhat 
Network. It never notified me of anything. Even now, after being hacked, it 
gives me those nice smiley icons saying all is ok! 

For me to get the box set up, then issue a one line command as the SU via 
"CRT" program in SSH mode, to update is breathtakingly attractive!

Steve






Debian or Linux 7???

2001-02-19 Thread Steve Rudd

Hi!

I am frustrated with the linux 2.2 kernel. I have had two hacks in 3 months 
and I am going broke rebuilding my server.

I went out and bought Redhat 7, and got hacked 6 weeks later.

I have been placed in contact with a guy who wants me to use Debian. But if 
it is based upon the same kernel as redhat, how is it going to be more secure? 
I checked and found that

from (http://www.securityfocus.com/)
Security risks for years: 1997-2000 respectively:
Debian 3, 2, 32, 45, 12
RedHat 6, 10, 49, 85, 20

So Debian is about twice as good as redhat, but that is not real reassuring.

I am considering joining the debian family, but am a bit concerned about 
security.

Just how much more secure is Debian than redhat?

Thanks!

Steve Rudd

