On Mon, 17.01.2005 at 16:04, Lorenzo Musizza wrote:

> one of my friends just had his FC2 based simple mailserver (with no
> 3rd party software and only smtp/pop/imap services running) hacked.
> He told me that he noticed something strange seeing an unknown ip
> address in the "Last login from" when logged in as root. Then he
> changed the root password and waited: the same ip showed up in the
> secure log as a failed login attempt but after only 5 seconds the logs
> said ssh root login was successful.

Take the computer off-line - immediately!

> My friend admitted he never patched the server with updates, and I
> know allowing root ssh login is not recommended, but still I am a
> little surprised.

Wonderful - never updated :(

> Which are the most important vulnerabilities that can lead to a root
> remote login on a plain FC2 box?

http://www.fedoranews.org/updates/fc2-updates.shtml

Where you see [SECURITY] behind the packages, those are critical
updates.

> Luciano

There is no other way than erasing the current root hacked system and
reinstalling it from scratch with a current updated system.

Alexander

-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.10-1.9_FC2smp
Serendipity 16:49:47 up 3 days, 12 users, load average: 0.56, 0.72, 1.03
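The sequence described in the quoted report, a failed root login followed seconds later by a successful one from the same address, can be searched for in the secure log. The following is an added example, not part of the original message: the log lines are constructed in sshd's syslog format, and the function names, the 60-second window and the default year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the sshd syslog format written to /var/log/secure.
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Jan 17 15:40:02 mail sshd[2101]: Accepted password for root from 198.51.100.7 port 40112 ssh2
Jan 17 15:58:41 mail sshd[2230]: Failed password for root from 203.0.113.45 port 51514 ssh2
Jan 17 15:58:46 mail sshd[2232]: Accepted password for root from 203.0.113.45 port 51520 ssh2
Jan 17 16:10:12 mail sshd[2300]: Failed password for invalid user test from 192.0.2.9 port 33000 ssh2
Jan 17 16:10:15 mail sshd[2301]: Failed password for root from 192.0.2.9 port 33002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted)\s+\S+\s+for\s+(?:(?:invalid|illegal)\s+user\s+)?"
    r"(?P<user>\S+)\s+from\s+(?P<ip>\S+)\s+port\s+\d+"
)

def parse(log_text, year=2005):
    """Yield (timestamp, result, user, ip) for each sshd auth line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def root_success_after_failure(log_text, window_seconds=60):
    """Return (ip, failed_at, accepted_at) where a root login succeeded
    within window_seconds of a failed root login from the same address."""
    window = timedelta(seconds=window_seconds)
    last_failure = {}   # ip -> time of most recent failed root login
    hits = []
    for ts, result, user, ip in parse(log_text):
        if user != "root":
            continue
        if result == "Failed":
            last_failure[ip] = ts
        elif ip in last_failure and ts - last_failure[ip] <= window:
            hits.append((ip, last_failure[ip], ts))
    return hits

if __name__ == "__main__":
    for ip, failed_at, ok_at in root_success_after_failure(SAMPLE_LOG):
        print(f"{ip}: failed {failed_at}, accepted {ok_at}")
```

Run it against a copy of the log taken after the machine is off-line; logs on a root-compromised host may have been altered, so an empty result does not clear the system.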