[kwlug-disc] server compromised

Chris Frey cdfrey at foursquare.net
Wed May 13 19:46:26 EDT 2009


That's up to you... but ssh == shell in most cases, and opens you up
to much more tricky attacks than just an ftp server, if that account
gets compromised.

It would be nice if he used different passwords for all his accounts
regardless of whether it is ssh or ftp.

- Chris


On Wed, May 13, 2009 at 07:36:40PM -0400, Insurance Squared Inc. wrote:
> So no firm answer is possible, but it sounds like I'm 'probably' safe.  
> This was an automated attack, not an individual actively logging on.  I 
> guess I'll leave it for now, and work on doing a complete server wipe 
> which is long overdue.
> 
> Going forward, the only person who ftp's on to my server is this user.  
> Everyone else - which consists of myself and my developer - do any 
> server stuff from command line linux.  Is there any benefit from my 
> forcing my friend to use ssh to access the server instead of ftp?  He's 
> on a windows box so he'd have to find some software.  I installed an ftp 
> daemon for his benefit and didn't like it at the time.
> 
> g.
> 
> 
> zixiekat at gmail.com wrote:
> >You may want to restrict ftp users by chrooting them. I have done it 
> >before with login shells, but it has been a while. 
> >It won't help with knowing if your system is still at risk, but it could 
> >help in the future.
> >------Original Message------
> >From: Chris Frey
> >Sender: kwlug-disc-bounces at kwlug.org
> >To: KWLUG discussion
> >ReplyTo: KWLUG discussion
> >Subject: Re: [kwlug-disc] server compromised
> >Sent: May 13, 2009 7:21 PM
> >
> >On Wed, May 13, 2009 at 07:07:29PM -0400, Kyle Spaans wrote:
> >  
> >>I'm no expert, but I've read some discussions on matters like these and
> >>whenever you even _suspect_ that hackers got access to your
> >>system, it's safest to nuke the system from orbit.
> >>    
> >
> >I usually agree with that level of paranoia, but if only FTP access was
> >possible for this user, then it's down to the security of your FTP server
> >software and likely only a data access breach.
> >
> >If the ftp account was a normal unix user, then (at least according
> >to a quick test on my system) that user could download anything on the
> >system with world readable rights, but won't be able to change anything.
> >
> >If shell access was possible, then yes, the number of vulnerabilities
> >to check gets a little out of hand: setuid, kernel, etc.  You might
> >want to keep a close eye on the server logs and schedule a reinstall
> >a little earlier than normal. :-)
> >
> >- Chris
> >
> >
> >_______________________________________________
> >kwlug-disc_kwlug.org mailing list
> >kwlug-disc_kwlug.org at kwlug.org
> >http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org
> >
> >
> >Sent from my BlackBerry device on the Rogers Wireless Network
> >
> >  
> 
> -- 
> Glenn Cooke
> Insurance Squared Inc.
> www.insurancesquared.com
> 1-866-779-1499
> 
> Agent discussion forum: http://www.americaninsurancebroker.com
> Free US broker directory: http://directory.americaninsurancebroker.com
> Free Canadian broker directory: http://www.canadianinsurancebroker.com
> 
> 

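Added example, not part of the thread: a shell audit of the point quoted above, that an FTP login mapped to a normal unix user can download anything world-readable but should not be able to change anything. It assumes the account falls in the "other" permission class for the files checked; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit what an unprivileged ("other") local account can fetch or alter.
# Function names are hypothetical, not from any tool mentioned in the thread.

# Files under $1 readable by "other", reached only through directories that
# "other" can traverse (o+x). A directory without o+x hides everything below
# it, whatever the modes of the files inside.
world_readable() {
    find "$1" -type d ! -perm -001 -prune -o \
        -type f -perm -004 -print 2>/dev/null | sort
}

# Files "other" can overwrite, and non-sticky directories "other" can create
# or delete entries in. Anything listed here breaks the "can't change
# anything" assumption.
world_writable() {
    find "$1" -type d ! -perm -001 -prune -o \
        \( -type f -perm -002 -print \) -o \
        \( -type d -perm -002 ! -perm -1000 -print \) 2>/dev/null | sort
}

# Constructed sample tree so the checks can be tried without touching a real
# server. Prints the path of the temporary root.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    chmod 755 "$t"                     # mktemp -d creates the root 0700
    mkdir "$t/pub" "$t/private" "$t/drop"
    echo cfg  > "$t/pub/site.conf";   chmod 644 "$t/pub/site.conf"
    echo key  > "$t/pub/backup.key";  chmod 600 "$t/pub/backup.key"
    echo page > "$t/pub/index.html";  chmod 666 "$t/pub/index.html"
    echo dump > "$t/private/db.sql";  chmod 644 "$t/private/db.sql"
    chmod 755 "$t/pub"; chmod 750 "$t/private"; chmod 777 "$t/drop"
    echo "$t"
}

# Usage: sh audit.sh /path/to/check
if [ "$#" -ge 1 ]; then
    echo "Readable by any local account:"; world_readable "$1"
    echo "Writable by any local account:"; world_writable "$1"
fi
```

In the sample tree, `private/db.sql` is mode 644 but is not reported because its parent directory is 750, while `pub/index.html` (666) and `drop/` (777) show up as writable.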


