[ale] Redhat 6.2

Ken N kenn at pcintelligent.com
Fri Aug 11 13:27:45 EDT 2000 

OK - I am a little baffeled, I did some comparing on the fresh redhat box
in Cleveland and on this one didn't find any problems. All the files where
the same. Anyway I did take good advice and installed the latest proftpd.
:)

As far as diggin around in there I did alot of that and can't find sqaut.
So I don't know, if someone has hacked they have hidden thier tracks
really well cept for two lame logins? I have no idea...

Thanks
Ken. 

-----------------------------------------------------
http://cleveland.lug.net/~rocket/

"Beer is proof that god loves us and 
	wants us to be happy"

Ben Franklin

On Fri, 11 Aug 2000, Scott Nolde wrote:

> Ken N wrote:
> > 
> > Hi,
> > 
> >         I just instlled a redhat 6.2 server and found some strange
> > accounts on it not to much later. they where mind and mind1, one of them
> > is a root account. I can't seemed to found any info pointing to that fact
> > that this box is hacked but I am a little freaked out. Anyone have any
> > ideas? The only thing running on this box is
> > 
> > ssh on an odd port
> > httpd
> > wu-ftpd-2.6.0-3.i386.rpm
> > 
> > I am a little paraniod so if anyone has any advice I would appreciate it,
> > 
> > thanks
> > Ken
> > 
> > -----------------------------------------------------
> > http://cleveland.lug.net/~rocket/
> > 
> > "Beer is proof that god loves us and
> >         wants us to be happy"
> > 
> > Ben Franklin
> > 
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> 
> I think most everyone will suggest the 'format and reinstall' solution. 
> Wu-ftpd has had a nasty bug since '94 which could be used to execute
> arbitrary code as root.  This fact was just reported earlier this year. 
> A common slogan has been "Wu-ftpd: providing root access since 1994."
> 
> For fun, check to see if a few binaries have changed, notably login,
> syslog, who, and last.
> 
> Perhaps if you report what you find, we could all learn from this.
> 
> - Scott
> -- 
> Never do Windows again with  |  Scott M. Nolde
> Linux!  No streaks, haze or  |  smnoldelinux at mediaone.net
> glaze!                       |  
> 2:30pm up 2:36, 2 users, load average: 1.11, 1.16, 1.09
> 

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list