On Friday 20 Jun 2008, Thanigairajan murugan wrote: > I think my root password should be the problem (admin123) which is a > dict word and crackers has done their job easily.
Welcome to the school of hard knocks. With such a password, you deserved what happened to you. > They create a user named "oracle" and they create a directory named " > bot " and some files and some scripts I hope you have not left the system in this state and online. Suggest a fresh install. > > Lesson Learned : > > 1)Password should be strong. > 2)Allow ssh from known ips only. or hostnames e.g. dyndns services. make sure the hostname is updated to current ip. > 3)Have to take bare metal backup after installing the system , for > quick restore 4)Install and monitor any intrusion detection system Use tripwire/aide to create file signature db and store the db on a ro media only. When compared it will tell you the files touched by the intruder. -- Arun Khan _______________________________________________ To unsubscribe, email [EMAIL PROTECTED] with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
