[ale] Redhat 6.2
Scott Nolde
smnoldelinux at mediaone.net
Fri Aug 11 14:35:16 EDT 2000
Ken N wrote:
>
> Hi,
>
> I just instlled a redhat 6.2 server and found some strange
> accounts on it not to much later. they where mind and mind1, one of them
> is a root account. I can't seemed to found any info pointing to that fact
> that this box is hacked but I am a little freaked out. Anyone have any
> ideas? The only thing running on this box is
>
> ssh on an odd port
> httpd
> wu-ftpd-2.6.0-3.i386.rpm
>
> I am a little paraniod so if anyone has any advice I would appreciate it,
>
> thanks
> Ken
>
> -----------------------------------------------------
> http://cleveland.lug.net/~rocket/
>
> "Beer is proof that god loves us and
> wants us to be happy"
>
> Ben Franklin
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
I think most everyone will suggest the 'format and reinstall' solution.
Wu-ftpd has had a nasty bug since '94 which could be used to execute
arbitrary code as root. This fact was just reported earlier this year.
A common slogan has been "Wu-ftpd: providing root access since 1994."
For fun, check to see if a few binaries have changed, notably login,
syslog, who, and last.
Perhaps if you report what you find, we could all learn from this.
- Scott
--
Never do Windows again with | Scott M. Nolde
Linux! No streaks, haze or | smnoldelinux at mediaone.net
glaze! |
2:30pm up 2:36, 2 users, load average: 1.11, 1.16, 1.09
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list