[kwlug-disc] server compromised
cdfrey at foursquare.net
Wed May 13 19:21:01 EDT 2009
On Wed, May 13, 2009 at 07:07:29PM -0400, Kyle Spaans wrote:
> I'm no expert, but I've read some discussions on matters like these and
> whenever you even _suspect_ that hackers got access to your
> system, it's safest to nuke the system from orbit.
I usually agree with that level of paranoia, but if only FTP access was
possible for this user, then it's down to the security of your FTP server
software and likely only a data access breech.
If the ftp account was a normal unix user, then (at least according
to a quick test on my system) that user could download anything on the
system with world readable rights, but won't be able to change anything.
If shell access was possible, then yes, the number of vulnerabilities
to check gets a little out of hand: setuid, kernel, etc. You might
want to keep a close eye on the server logs and schedule a reinstall
a little earlier than normal. :-)
More information about the kwlug-disc