Re: hack attempt on my server...What do you do about this?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for your suggestions.  I'll give them all a shot and keep an eye
out as well for more info.  I have followed my own advise and reported
the IP's to the companies that they belong to though. :-) I know, won't
do much good but what the heck.  All three IP's belong to different
companies and all in Denmark! My little computer is growing up!  It's
traveling the world via the internet! <sniff> <sniff> :-)

On Sun, 2004-07-18 at 06:30, John Thompson wrote:
> You could boot from a rescue cd and run "chkrootkit" although from the 
> logs above it appears this was simply a scripted attack that failed. 
> There are automated programs that scan IP blocks for open ftp servers 
> and automatically launch attacks to anything they find in the hope that 
> the server can be exploited for warez, pr0n, etc.
> 
> If you need to transfer files in the future, you may want to use 
> something other than ftp (e.g., "sftp" or "scp" from the OpenSSH package).
> 
> If you simply must use ftp, configure iptables to only accept 
> connections to ports 20 and 21 from known IPs; that is, the IP address 
> or block for your work machine.
> 
> If you use xinetd to launch the ftp server on demand, you can define 
> rules to restrict access in a number of interesting ways.
> 
> Also check your tcp_wrapper rules.  Most modern ftp servers for linux 
> are compiled with tcp_wrapper support, which can add another layer of 
> control/security to the transaction.
> 
> -- 
> 
> -John (john@xxxxxxxxxxx)
-- 
Thanks,
Tom Sapp
http://www.sappsworld.com



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux