Re: [SLUG] Linux box hanging on startup
I have seen recently a few exploits against the linux kernel - even 2.4.18 was vulnernable. SSH is not as secure as it could be - best to limit where you can connect to it from via iptables or something like that - and of course keep it up to date. Also make sure there are no scripts on your websites that might cause problems - also seen some people with fairly intelligent scanners looking for things like that. dave - Original Message - From: "Dan Banyard" <[EMAIL PROTECTED]> > I never surfed the net as rootand thought I had the box locked down - > only open ports were the normal ones (80, 21, 22) etc. I have no idea how > they got in but maybe it was through SSH (I might have a older version that > could be hacked). There was no telnet or anything like that. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux box hanging on startup
[EMAIL PROTECTED] wrote on 09-07-2003 12:37:29 PM: > Hi, > > They obviously set things so I could not reboot or find out what is going > on. The first thing I discovered was that they had change the index.html > file on the web server - I thought something had gone astray so rebooted and > that is when it all started. > > I never surfed the net as rootand thought I had the box locked down - > only open ports were the normal ones (80, 21, 22) etc. I have no idea how > they got in but maybe it was through SSH (I might have a older version that > could be hacked). There was no telnet or anything like that. > I would have thought the more likely culprit would either be your webserver, or ftp server. Check the security advisories released after the versions you are running. Cheers, Scott -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux box hanging on startup
Hi, They obviously set things so I could not reboot or find out what is going on. The first thing I discovered was that they had change the index.html file on the web server - I thought something had gone astray so rebooted and that is when it all started. I never surfed the net as rootand thought I had the box locked down - only open ports were the normal ones (80, 21, 22) etc. I have no idea how they got in but maybe it was through SSH (I might have a older version that could be hacked). There was no telnet or anything like that. I still can't believe it Dan - Original Message - From: "Brian Robson" <[EMAIL PROTECTED]> To: "SLUG" <[EMAIL PROTECTED]> Sent: Wednesday, July 09, 2003 12:26 PM Subject: Re: [SLUG] Linux box hanging on startup > Hi Dan, > > Wow, that's amazing that it happened so quickly, and a very annoying hack, > with symptoms the same as a failure to boot correctly. It would have been > worse if you did not find out. > > Also, did you surf the net as "root"??? > > Brian > > > At 11:45 AM 9/07/03 +1000, you wrote: > >Hi, > > > >Not sure if this helps anyone but so far I have found: > > > >/var/log/message -> /dev/null > >/var/log/wtmp -> /dev/null > > > >They also created an HTML page called services.html and in it: > > > >"YOU WERE HACKED!!!Welcome to ParadoX's Web`s Page" > > > >there is also a whole load of other crap (some in Spanish/French or similar) > > > >I am just about to re-install the OS > > > >dan > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux box hanging on startup
Hi Dan, Wow, that's amazing that it happened so quickly, and a very annoying hack, with symptoms the same as a failure to boot correctly. It would have been worse if you did not find out. Also, did you surf the net as "root"??? Brian At 11:45 AM 9/07/03 +1000, you wrote: >Hi, > >Not sure if this helps anyone but so far I have found: > >/var/log/message -> /dev/null >/var/log/wtmp -> /dev/null > >They also created an HTML page called services.html and in it: > >"YOU WERE HACKED!!!Welcome to ParadoX's Web`s Page" > >there is also a whole load of other crap (some in Spanish/French or similar) > >I am just about to re-install the OS > >dan -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux box hanging on startup
Hi, Not sure if this helps anyone but so far I have found: /var/log/message -> /dev/null /var/log/wtmp -> /dev/null They also created an HTML page called services.html and in it: "YOU WERE HACKED!!!Welcome to ParadoX's Web`s Page" there is also a whole load of other crap (some in Spanish/French or similar) I am just about to re-install the OS dan - Original Message - From: "Michael Lake" <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Sent: Wednesday, July 09, 2003 10:34 AM Subject: Re: [SLUG] Linux box hanging on startup > Dan Banyard wrote: > > Just found the problem - it seems some nice individual has hacked into the > > machine. I found they have added HTML files announcing this fact. This > > explains the strange behaviour. So who knows what they have done to the > > system. > > Thats quite nice of them. They are polite enough to tell you rather than > leaving you in the dark and having back doors and things :-) What did > they say in the HTML? > > Mike > -- > Mike Lake > Uni of Technol., Sydney > > > > UTS CRICOS Provider Code: 00099F > > DISCLAIMER > > This email message and any accompanying attachments may contain > confidential information. If you are not the intended recipient, do not > read, use, disseminate, distribute or copy this message or attachments. > If you have received this message in error, please notify the sender > immediately and delete this message. Any views expressed in this message > are those of the individual sender, except where the sender expressly, > and with authority, states them to be the views the University of > Technology Sydney. Before opening any attachments, please check them for > viruses and defects. > > > > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux box hanging on startup
Dan Banyard wrote: > Just found the problem - it seems some nice individual has hacked into the > machine. I found they have added HTML files announcing this fact. This > explains the strange behaviour. So who knows what they have done to the > system. Thats quite nice of them. They are polite enough to tell you rather than leaving you in the dark and having back doors and things :-) What did they say in the HTML? Mike -- Mike Lake Uni of Technol., Sydney UTS CRICOS Provider Code: 00099F DISCLAIMER This email message and any accompanying attachments may contain confidential information. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments. If you have received this message in error, please notify the sender immediately and delete this message. Any views expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views the University of Technology Sydney. Before opening any attachments, please check them for viruses and defects. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux box hanging on startup
Thanks for your help. Just found the problem - it seems some nice individual has hacked into the machine. I found they have added HTML files announcing this fact. This explains the strange behaviour. So who knows what they have done to the system. Looks like a day of re-installing the whole system. Thanks very much to those hackers. Dan - Original Message - From: "Bret Comstock Waldow" <[EMAIL PROTECTED]> To: "Dan Banyard" <[EMAIL PROTECTED]> Cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Sent: Wednesday, July 09, 2003 10:02 AM Subject: Re: [SLUG] Linux box hanging on startup > Hi, > > You say "it stops" but really you need to say what it does - you're > assuming it stops. For instance, it might switch to a video mode that > doesn't show you the prompt you expect and blithely waits for you to > login as you always have. > > What do you see up until "it stops", what do you see when "it stops", > and has it ever worked before? Is this a change in a working system, or > an install that didn't complete successfully? > > If it was working, what did you attempt last (that changed something so > the outcome is different now)? > > Cheers, > Bret > > > On Tue, 2003-07-08 at 18:33, Dan Banyard wrote: > > Hi, > > > > I have a linux box which is hanging when it boots up. At this stage I am > > not as to why this has happened (hardware or software) but I am trying to > > work out what to do. I watch it go through the boot sequence and when it > > gets to the point where should give me a login prompt is just stops. > > > > So far I have managed to restart the box in rescue mode (i am using SuSE > > 7.2) and can successfully mount the hard disk. I am really trying to find > > information on what exactly is going wrong. I have been looking through the > > /var/log files and nothing jumps out. I realise there could be a million > > things going wrong but can anyone think of where I can look for clues? Does > > anyone know of anyone who offers a good linux doctor type service? > > > > thanks in advance > > > > dan > > > -- > bwaldow at alum.mit.edu > > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] Linux box hanging on startup
Hi, You say "it stops" but really you need to say what it does - you're assuming it stops. For instance, it might switch to a video mode that doesn't show you the prompt you expect and blithely waits for you to login as you always have. What do you see up until "it stops", what do you see when "it stops", and has it ever worked before? Is this a change in a working system, or an install that didn't complete successfully? If it was working, what did you attempt last (that changed something so the outcome is different now)? Cheers, Bret On Tue, 2003-07-08 at 18:33, Dan Banyard wrote: > Hi, > > I have a linux box which is hanging when it boots up. At this stage I am > not as to why this has happened (hardware or software) but I am trying to > work out what to do. I watch it go through the boot sequence and when it > gets to the point where should give me a login prompt is just stops. > > So far I have managed to restart the box in rescue mode (i am using SuSE > 7.2) and can successfully mount the hard disk. I am really trying to find > information on what exactly is going wrong. I have been looking through the > /var/log files and nothing jumps out. I realise there could be a million > things going wrong but can anyone think of where I can look for clues? Does > anyone know of anyone who offers a good linux doctor type service? > > thanks in advance > > dan > -- bwaldow at alum.mit.edu -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
[SLUG] Linux box hanging on startup
Hi, I have a linux box which is hanging when it boots up. At this stage I am not as to why this has happened (hardware or software) but I am trying to work out what to do. I watch it go through the boot sequence and when it gets to the point where should give me a login prompt is just stops. So far I have managed to restart the box in rescue mode (i am using SuSE 7.2) and can successfully mount the hard disk. I am really trying to find information on what exactly is going wrong. I have been looking through the /var/log files and nothing jumps out. I realise there could be a million things going wrong but can anyone think of where I can look for clues? Does anyone know of anyone who offers a good linux doctor type service? thanks in advance dan -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
