
BLU Discuss list archive


Server hacked, Desperate for help with FC6

Bill Horne wrote:
> Grant M. wrote:
>> [snip]
>> The Ubuntu Enterprise server we're using was compromised on a
>> non-privileged account once, but there isn't anything installed that
>> the user could use, so no worries. 
> [snip]
> While we're on the subject, how did you find out?

The first symptom was I was having problems with MySQL, which eventually 
led to my website not working.

In the end, the point of origin was almost definitely an exploit in 
Zimbra, which is a web-based collaboration tool I installed to check 
out, but never used.  I found all sorts of subtle hints, like a new 
zimbra user, which ended up in the /etc/sudoers file, and it was in the 
uucp group and the wheel group.

The attack appears to have happened about three days after I installed 
Zimbra, too.

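Added example, not part of the original post: one way to check for the signs described above (an unexpected account named in /etc/sudoers and listed in the wheel and uucp groups) is to compare every privileged account against an allowlist. The function name `audit_priv`, the allowlist argument, the `alice` account and the sample data are assumptions constructed for illustration; sudoers aliases and included files are not followed.

```shell
#!/bin/sh
# usage: audit_priv PASSWD GROUP SUDOERS ALLOWED_USERS [WATCHED_GROUPS]
#   ALLOWED_USERS   comma-separated accounts expected to hold privilege
#   WATCHED_GROUPS  comma-separated groups to audit (default: wheel,uucp)
# Output: one "user reason" line per finding, sorted and de-duplicated.
audit_priv() {
    awk -F: -v allowed="$4" -v watched="${5:-wheel,uucp}" '
    BEGIN {
        n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1
        n = split(watched, w, ","); for (i = 1; i <= n; i++) priv[w[i]] = 1
    }
    FNR == 1 { file++ }                      # 1=passwd 2=group 3=sudoers
    file == 1 { user[$1] = 1; pgid[$1] = $4; next }
    file == 2 && ($1 in priv) {
        # supplementary members are listed in field 4
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] != "" && !(m[i] in ok)) print m[i], "group:" $1
        # accounts whose primary GID is this group
        for (u in user)
            if (pgid[u] == $3 && !(u in ok)) print u, "primary-group:" $1
        next
    }
    file == 3 {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next   # blank line, comment, #include
        split(line, f, /[ \t]+/)
        # a user specification starts with an account name known to passwd
        if ((f[1] in user) && !(f[1] in ok)) print f[1], "sudoers"
    }
    ' "$1" "$2" "$3" | LC_ALL=C sort -u
}

# Constructed sample data modelled on the post: an unexpected "zimbra" account.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'uucp:x:10:14::/var/spool/uucp:/sbin/nologin' \
        'alice:x:500:500::/home/alice:/bin/bash' \
        'zimbra:x:501:501::/opt/zimbra:/bin/bash' > "$d/passwd"
    printf '%s\n' 'wheel:x:10:root,alice,zimbra' 'uucp:x:14:uucp,zimbra' \
        'zimbra:x:501:' > "$d/group"
    printf '%s\n' '# constructed' 'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' \
        'zimbra ALL=(ALL) ALL' > "$d/sudoers"
    audit_priv "$d/passwd" "$d/group" "$d/sudoers" 'root,alice,uucp'
    rm -rf "$d"
}
demo
```

On a live system the three arguments would be /etc/passwd, /etc/group and /etc/sudoers, read as root.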
