Re: Found, a new rootkit
Gene Heskett wrote:
> We've cut our bandwidth use in half by getting rid of that. We also
> checked the logs and added several dozen more addresses
> to /etc/hosts.deny,
That is fairly useless. IP addresses of attackers change as quickly as
IP addresses of spammers, and they have so many it's like trying to
fence off the porn sites of the world.
More important is to discover how the rogue gained entry and to close
that loophole. How did the shell script get there? Whose account was
used? Does .bash_history include useful clues about what was done? Did
the attacker send email after gaining entry? If so, the recipient domain
(e.g. Yahoo) may be interested.
Root's account, eh? Disallow password-based authentication for root.
Ensure that only those who need it have shell accounts, and that those
have good passwords. _I_ have incoming ssh land on my personal desktop,
where there is only my password to worry about.
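
An added example, not part of the original message: a small audit of the two hardening points in the reply above (root password logins over ssh, and which accounts have a login shell). The sample sshd_config and passwd text, the function names and the account names are constructed for illustration; on a real host, read /etc/ssh/sshd_config and /etc/passwd instead.

```python
NON_LOGIN_SHELLS = {"nologin", "false", "sync", "shutdown", "halt"}
# Defaults of current OpenSSH; releases before 7.0 defaulted PermitRootLogin to "yes".
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def effective_sshd_options(config_text):
    """Global sshd options: keywords are case-insensitive and the first value wins."""
    options = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":  # Match blocks are conditional; only the global part is audited
            break
        if len(parts) == 2:
            options.setdefault(keyword, parts[1].strip().strip('"').lower())
    return {**SSHD_DEFAULTS, **options}

def root_password_status(config_text):
    """'blocked', 'allowed', or 'review' (root is permitted and PasswordAuthentication
    is off, but keyboard-interactive/PAM may still accept a password)."""
    opts = effective_sshd_options(config_text)
    if opts["permitrootlogin"] != "yes":
        return "blocked"  # no, prohibit-password, without-password, forced-commands-only
    return "allowed" if opts["passwordauthentication"] == "yes" else "review"

def shell_accounts(passwd_text):
    """Account names from passwd(5) text whose login shell is a real shell."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7:
            continue
        shell = fields[6] or "/bin/sh"  # an empty shell field means /bin/sh
        if shell.rsplit("/", 1)[-1] not in NON_LOGIN_SHELLS:
            names.append(fields[0])
    return names

# Constructed samples (not taken from the machine discussed in the thread).
SAMPLE_SSHD_CONFIG = ("# constructed sample\nPort 22\npermitrootlogin yes\n"
                      "PermitRootLogin no\nPasswordAuthentication yes\n"
                      "Match User backup\n    PermitRootLogin no\n")
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\n"
                 "sync:x:5:0:sync:/sbin:/bin/sync\nalice:x:500:500::/home/alice:/bin/bash\n"
                 "ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin\n"
                 "olduser:x:501:501::/home/olduser:\n")

if __name__ == "__main__":
    print("root password login:", root_password_status(SAMPLE_SSHD_CONFIG))
    print("accounts with a login shell:", shell_accounts(SAMPLE_PASSWD))
```

In the sample the later `PermitRootLogin no` has no effect because sshd uses the first value it reads for each keyword, so the audit reports root password login as allowed.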