+++ Girish G <Thursday 25 April 2002 18:12>:
> One of my server has been hacked from a IP from
> chennai - DSL (Dishnet) also in my logs show some
> trials have been done from VSNL Delhi, MUMBAI IP's
you mean "cracked"
> What shall i do to take actions against them.
preserve logs, call the cops at your local "cybercrime" cell, and pray that
they have at least some clue about computers
> In this context what should be the next steps taken to
> avoid this kind of HACKING.
Secure your machine
Dont run linuxconf
Keep current with security patches
> I had opend only FTP, SMTP , POP3 , SSH , MYSQL ports
Dont use ftp, use rsync. And if you use ftp dont use wu-ftpd
> How this hacking is been done ? how they get my root
> password?
someone's an astrologer here or something?
look at the logs where you got all that info about dishnet or vsnl users.
you should be able to see just how they broke in
> also when logging in to FTP server as ordinary user i
> can access my /etc/ directory etc. is there any way to
> prevent that ?
set permissions properly. and even if they access /etc they wont be able to
modify data there
-srs
--
Suresh Ramasubramanian <----> mallet <at> efn dot org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
[Linux One Stanza Tip] From : <[EMAIL PROTECTED]>
LOST #016 -**< Sub : Console boot (non debian systems) >**-
To boot into console instead of GUI, when xdm/ gdm/ kdm are
installed, and then get into GUI with "startx", it is just a
matter of amending runlevel in /etc/inittab from 5 to 3. viz:
# Default runlevel. (Do not set to 0 or 6)
id:3:initdefault:
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
