[kwlug-disc] server compromised

zixiekat at gmail.com zixiekat at gmail.com
Wed May 13 19:26:28 EDT 2009


You may want to restrict ftp users by chrooting them. I have done it before with login shells, but it has been a while. 

It won't help with knowing if your system is still at risk, but it could help in the future. 
------Original Message------
From: Chris Frey
Sender: kwlug-disc-bounces at kwlug.org
To: KWLUG discussion
ReplyTo: KWLUG discussion
Subject: Re: [kwlug-disc] server compromised
Sent: May 13, 2009 7:21 PM

On Wed, May 13, 2009 at 07:07:29PM -0400, Kyle Spaans wrote:
> I'm no expert, but I've read some discussions on matters like these and
> whenever you even _suspect_ that hackers got access to your
> system, it's safest to nuke the system from orbit.

I usually agree with that level of paranoia, but if only FTP access was
possible for this user, then it's down to the security of your FTP server
software and likely only a data access breach.

If the ftp account was a normal unix user, then (at least according
to a quick test on my system) that user could download anything on the
system with world readable rights, but won't be able to change anything.

If shell access was possible, then yes, the number of vulnerabilities
to check gets a little out of hand: setuid, kernel, etc.  You might
want to keep a close eye on the server logs and schedule a reinstall
a little earlier than normal. :-)

- Chris


Sent from my BlackBerry device on the Rogers Wireless Network
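
An added example, not part of the original thread: a Python audit of what the "other" permission class can read or write under a directory tree, which is the exposure Chris describes for an FTP account mapped to a normal unix user. The function names and the sample tree are constructed for illustration; only the "other" bits are checked (ownership, groups and ACLs are assumed out of scope).

```python
import os
import stat
import tempfile

def audit_other_access(root):
    """Return (readable, writable): regular files under root that the 'other'
    permission class can read or write. Owner/group/ACL access is ignored."""
    readable, writable = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune directories lacking o+x: nothing beneath them is reachable
        # by 'other', whatever the modes of the files inside.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            if st.st_mode & stat.S_IROTH:
                readable.append(path)
            if st.st_mode & stat.S_IWOTH:
                writable.append(path)
    return sorted(readable), sorted(writable)

def build_sample_tree(base):
    """Constructed sample tree: (relative path, file mode, parent dir mode)."""
    layout = [
        ("pub/readme.txt", 0o644, 0o755),   # world-readable
        ("pub/upload.tmp", 0o666, 0o755),   # world-readable and world-writable
        ("private/key.pem", 0o644, 0o700),  # readable bits, but directory blocks 'other'
        ("etc/secret.conf", 0o640, 0o755),  # no 'other' bits at all
    ]
    for rel, fmode, dmode in layout:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, fmode)
        os.chmod(os.path.dirname(path), dmode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, paths in zip(("read", "write"), audit_other_access(build_sample_tree(tmp))):
            for p in paths:
                print(f"other can {label}: {os.path.relpath(p, tmp)}")
```

Any path in the second list is a file such an account could modify, so an empty writable list is what supports the "won't be able to change anything" expectation.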

