My hard drive was doing a whole lot in the middle of the night so I checked and saw the user "nobody" was running "find". I was running an ssh server and think that might be how they got in, so I shut that down, cos I don't really need it. I also switched off the port forwarding to the ssh port. I have a crappy wireless router from Verizon. I don't think I set up my logs correctly cos I suck and couldn't really find much.
Are there some necessary things that I should change? I'm sure there are, but I dunno what.
And what can I do with the nobody account? It is my understanding that it should have no rights to do anything. I changed the password cos I figure the person who got in set it to what he or she wanted... can I just delete the account?
Thanks for any input. And yes, one day I will stop being lazy and secure my box.
--Patrick
- [UM-LINUX] I got hacked so what should I do now? Patrick Curran
