Re: FC9 Compromised...

2009-02-28 Thread Michael Schwendt
On Fri, 27 Feb 2009 13:32:11 -0800, Jack wrote: Disagree, if anyone used the root password they had to know what it was... 27 characters It's probable that they got in through a pop3 account on one machine. On one machine, but what about the other machines? Did they use the same root pw?

FC9 Compromised...

2009-02-27 Thread Jack Lauman
On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were compromised. All had the latest patches applied. 1. Only the installed user accounts are on these machines. The root user password is long with upper/lower case characters with numerals and punctuation. It is unlikely

Re: FC9 Compromised...

2009-02-27 Thread Craig White
On Fri, 2009-02-27 at 12:49 -0800, Jack Lauman wrote: On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were compromised. All had the latest patches applied. 1. Only the installed user accounts are on these machines. The root user password is long with upper/lower case

Re: FC9 Compromised...

2009-02-27 Thread Aaron Konstam
On Fri, 2009-02-27 at 12:49 -0800, Jack Lauman wrote: On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were compromised. All had the latest patches applied. 1. Only the installed user accounts are on these machines. The root user password is long with upper/lower case

Re: FC9 Compromised...

2009-02-27 Thread Jack Lauman
Craig White wrote: the problem isn't Fedora 9, it's the person setting it up and maintaining it. These days, the most likely way someone would own a computer would be to connect via ssh using a brute force method but it could be something as simple as users who can get pop3 e-mail and also

Re: FC9 Compromised...

2009-02-27 Thread Christopher K. Johnson
Jack Lauman wrote: Yes, I need to add root back in... Not necessarily. You would be safer to boot rescue from an installer DVD, then choose to mount the filesystems for your compromised F9. Shut down each system, move it to a trusted network, or off-net and attach an external disk to save

Re: FC9 Compromised...

2009-02-27 Thread Craig White
On Fri, 2009-02-27 at 13:32 -0800, Jack Lauman wrote: Craig White wrote: the problem isn't Fedora 9, it's the person setting it up and maintaining it. These days, the most likely way someone would own a computer would be to connect via ssh using a brute force method but it could be

Re: FC9 Compromised...

2009-02-27 Thread Gordon Messmer
Jack Lauman wrote: Have any other incidents like this been reported lately? Not that I know of. What network services were running on these hosts, and what web applications?

Re: FC9 Compromised...

2009-02-27 Thread Jack Lauman
I yanked the drive and scanned it in a clean machine. Nothing found. I'm reasonably sure the problem originated internally. (No further comment on this.) Thanks Craig White wrote: On Fri, 2009-02-27 at 13:32 -0800, Jack Lauman wrote: Craig White wrote: the problem isn't Fedora 9, it's

RE: FC9 Compromised...

2009-02-27 Thread Casartello, Thomas
I yanked the drive and scanned it in a clean machine. Nothing found. I'm reasonably sure the problem originated internally. (No further comment on this.) Thanks Craig White wrote: On Fri, 2009-02-27 at 13:32 -0800, Jack

Re: FC9 Compromised...

2009-02-27 Thread Patrick O'Callaghan
On Fri, 2009-02-27 at 14:08 -0800, Aldo Foot wrote: You could try booting with a LiveCD and use find to expose files created recently. No good. A rootkit could have changed the file creation time. Either run a hash check on all the binaries (rpm -V might be useful here, but of course the rpm

Re: FC9 Compromised...

2009-02-27 Thread Aldo Foot
On Fri, Feb 27, 2009 at 3:32 PM, Patrick O'Callaghan pocallag...@gmail.com wrote: On Fri, 2009-02-27 at 14:08 -0800, Aldo Foot wrote: You could try booting with a LiveCD and use find to expose files created recently. No good. A rootkit could have changed the file creation time. True. But