On Fri, 27 Feb 2009 13:32:11 -0800, Jack wrote:
> Disagree, if anyone used the root password they had to know what it
> was... 27 characters
>
> It's probable that they got in through a pop3 account on one machine.
On "one machine", but what about the other machines?
Did they use the same root
On Fri, Feb 27, 2009 at 3:32 PM, Patrick O'Callaghan
wrote:
> On Fri, 2009-02-27 at 14:08 -0800, Aldo Foot wrote:
>> You could try booting with a LiveCD and use find to expose files
>> created recently.
>
> No good. A rootkit could have changed the file creation time.
True. But years ago, while g
On Fri, 2009-02-27 at 14:08 -0800, Aldo Foot wrote:
> You could try booting with a LiveCD and use find to expose files
> created recently.
No good. A rootkit could have changed the file creation time. Either run
a hash check on all the binaries ("rpm -V" might be useful here, but of
course the rpm
tance, encouragement, and advice for using Fedora.
Subject: Re: FC9 Compromised...
I yanked the drive and scanned it in a clean machine. Nothing found.
I'm reasonably sure the problem originated internally. (No further
comment on this.)
Thanks
Craig White wrote:
> On Fri, 2009-02-27 at 13:3
On Fri, Feb 27, 2009 at 12:49 PM, Jack Lauman wrote:
> On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were
> compromised. All had the latest patches applied.
At this point I would not trust any system binaries such as commands or
executable programs you don't recognize.
You
I yanked the drive and scanned it in a clean machine. Nothing found.
I'm reasonably sure the problem originated internally. (No further
comment on this.)
Thanks
Craig White wrote:
On Fri, 2009-02-27 at 13:32 -0800, Jack Lauman wrote:
Craig White wrote:
the problem isn't Fedora 9, it's the
Jack Lauman wrote:
Have any other incidents like this been reported lately?
Not that I know of. What network services were running on these hosts,
and what web applications?
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-li
On Fri, 27 Feb 2009, Christopher K. Johnson wrote:
> Jack Lauman wrote:
> >
> > Yes, I need to add root back in...
> Not necessarily. You would be safer to boot rescue from an installer
> DVD, then choose to mount the filesystems for your compromised F9.
> Shutdown each system, move it to a trust
Jack Lauman wrote:
Craig White wrote:
the problem isn't Fedora 9, it's the person setting it up and
maintaining it. These days, the most likely way someone would own a
computer would be to connect via ssh using a brute force method but it
could be something as simple as users who can get pop3
On Fri, 2009-02-27 at 13:32 -0800, Jack Lauman wrote:
>
> Craig White wrote:
>
> > the problem isn't Fedora 9, it's the person setting it up and
> > maintaining it. These days, the most likely way someone would own a
> > computer would be to connect via ssh using a brute force method but it
> > c
Jack Lauman wrote:
Yes, I need to add root back in...
Not necessarily.
You would be safer to boot rescue from an installer DVD, then choose to
mount the filesystems for your compromised F9. Shutdown each system,
move it to a trusted network, or off-net and attach an external disk to
save fi
Craig White wrote:
the problem isn't Fedora 9, it's the person setting it up and
maintaining it. These days, the most likely way someone would own a
computer would be to connect via ssh using a brute force method but it
could be something as simple as users who can get pop3 e-mail and also
hav
On Fri, 2009-02-27 at 12:49 -0800, Jack Lauman wrote:
> On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines
> were compromised. All had the latest patches applied.
>
> 1. Only the installed user accounts are on these machines. The root user
> password is long with upper/lower c
On Fri, 2009-02-27 at 12:49 -0800, Jack Lauman wrote:
> On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines
> were compromised. All had the latest patches applied.
>
> 1. Only the installed user accounts are on these machines. The root user
> password is long with upper/lower c
On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines
were compromised. All had the latest patches applied.
1. Only the installed user accounts are on these machines. The root user
password is long with upper/lower case characters with numerals &
punctuation. It is unlikely thi
15 matches
Mail list logo