[kwlug-disc] server compromised
3lucid at gmail.com
Wed May 13 19:07:29 EDT 2009
I'm no expert, but I've read some discussions on matters like these and
whenever you even _suspect_ that hackers got access to your
system, it's safest to nuke the system from orbit.
For example, maybe they got into Joe Blow user's account through SSH.
That means they could have used any number of applications to try
privilege escalation exploits (vmsplice anyone?). Maybe it's an unpatched
flaw, or maybe it's something that hasn't been released to the public yet --
you can't really be sure.
If that system with the FTP server can't really be nuked from orbit, I'd look
at the latest security announcements about your FTP software. How likely
is it that the hackers could do something nasty using the FTP account?
gl & hf
More information about the kwlug-disc