[kwlug-disc] server compromised

[Chris Frey]

On Wed, May 13, 2009 at 06:58:31PM -0400, Insurance Squared Inc. wrote:
> One of my friends in the US had his username/passwords hacked (I think 
> there was a big Time/Warner fiasco down there that caused it, got it 
> through hacking his ISP account somehow).  In any event, he had an ftp 
> account on my server.  The hackers got on to the server and toasted his 
> sites.
> 
> If I'm running a normally secure linux webserver, and he's cleaned up 
> his mess on the server, do I really have anything else to worry about?  
> The hacker would only be able to get into his stuff if I'm correct - 
> they shouldn't be able to touch anything else.  Can I sleep soundly :) ?

You can always login with an account similar to his and see what you can
download that isn't yours.

Did his ftp account allow anything else?  SSH using the same password?
POP?

If not, you're probably fine as long as you were relatively up to date
with your security patches.

- Chris