On 25 Apr 2002 at 3:12, Girish G wrote:

> What shall I do to take actions against them.

Nothing. Even if you can do anything, that's not worth the effort.

> In this context what should be the next steps taken to
> avoid this kind of HACKING.

Wipe out the machine, do a clean install, update all required patches for all server software and only then bring the machine onto the internet.

> I had opened only FTP, SMTP, POP3, SSH, MYSQL ports

Why are you opening mysql to the world? If you have a web based app, start it with --skip-networking so that only users from the local machine can access it. Firewall ports to provide access to a particular service to a particular IP block. Drop wu-ftpd if you are using it. Go to pro-ftpd. Shut down anonymous ftp if not required. That is the cause of a lot of holes IIRC. Stay updated is the mantra.

> can I restrict the ssh only from certain range of IP's
> if I close that ssh port also is there any way to hack
> my server again.

wu-ftpd has a poor history of security, if that's your ftp daemon. It's not only telnet/ssh which gives you shell access..

> How this hacking is been done? how they get my root
> password?

No comments. Are you interested in doing forensics or getting your machine up and online as fast as possible..

> also when logging in to FTP server as ordinary user I
> can access my /etc/ directory etc. is there any way to
> prevent that?

Yes. Read the documentation. You haven't mentioned what distro you are using. Sounds like stock RHL6.2 to me. Get everything latest. Don't rely on any old software. Don't start any unwanted services. Restrict services as to what they can do.

Another point is install only as much as you require. Say you have two services installed, foo and bar, but only foo is running. Now there is an exploit which grants foo the executing user's privilege, say foo. Now there is a local root exploit in bar. So essentially you are laid bare. Debian is great in this respect for installing the bare minimum. Of course you can do that with red-hat/mandrake etc. too but then it's your skill.
Remember security of system depends upon admin, not on software..

> Regards
> Girish

Best of Luck..

Shridhar

_______________________________________________
linux-india-help mailing list
https://lists.sourceforge.net/lists/listinfo/linux-india-help
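
The reply above advises against exposing MySQL to the world and against running unwanted services. The following is an added example, not part of the original message: a shell function that reads listener lines in the format printed by `ss -H -tln` and reports ports bound to a wildcard address that are not on an allowlist. The allowlist `PUBLIC_PORTS`, the function name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Ports intended to face the internet (hypothetical allowlist: FTP, SSH,
# SMTP, POP3 from the original question, with MySQL deliberately left out).
PUBLIC_PORTS="21 22 25 110"

# Reads lines shaped like `ss -H -tln` output on stdin:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# Prints, space-separated and sorted, every port that listens on a wildcard
# address (reachable from any IP) and is not in PUBLIC_PORTS.
world_listeners() {
    awk -v allow="$PUBLIC_PORTS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            la = $4
            port = la; sub(/.*:/, "", port)   # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            # Wildcard binds: IPv4 0.0.0.0, IPv6 [::], or the shorthand "*"
            if ((addr == "0.0.0.0" || addr == "[::]" || addr == "*") && !(port in ok))
                print port
        }
    ' | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample: mysqld and portmapper are bound to every interface.
SAMPLE_BEFORE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 64 *:111 *:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*'

# Constructed sample after starting mysqld with --skip-networking (no TCP
# listener at all) and stopping the unused portmapper service.
SAMPLE_AFTER='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*'

echo "before: $(printf '%s\n' "$SAMPLE_BEFORE" | world_listeners)"
echo "after:  $(printf '%s\n' "$SAMPLE_AFTER" | world_listeners)"
```

On a live host the function can be fed directly with `ss -H -tln | world_listeners`; an empty result means nothing outside the allowlist is bound to a wildcard address.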
