
BLU Discuss list archive


Server hacked, Desperate for help with FC6

David Kramer wrote:
> Bill Horne wrote:
>> Grant M. wrote:
>>> [snip]
>>> The Ubuntu Enterprise server we're using was compromised on a
>>> non-privileged account once, but there isn't anything installed that
>>> the user could use, so no worries. 
>> [snip]
>> While we're on the subject, how did you find out?
> The first symptom was I was having problems with MySQL, which 
> eventually led to my website not working.
> In the end, the point of origin was almost definitely an exploit in 
> Zimbra, which is a web-based collaboration tool I installed to check 
> out, but never used.  I found all sorts of subtle hints, like a new 
> zimbra user, which ended up in the /etc/sudoers file, and it was in 
> the uucp group and the wheel group.
> The attack appears to have happened about three days after I installed 
> Zimbra, too.

Has anyone used a fingerprint verification scheme to check for hacks? 
Would it have caught this?
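
The kind of fingerprint check asked about above, as an added example that is not part of the original message: it takes SHA-256 fingerprints of `/etc/passwd`, `/etc/group` and `/etc/sudoers` from a known-good state and reports the account, group and sudoers changes the quoted message describes. The file contents, the sudoers line and all function names are constructed for illustration.

```python
import hashlib

# Constructed sample contents; not taken from the server in this thread.
KNOWN_GOOD = {
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\nmysql:x:27:27::/var/lib/mysql:/bin/false\n",
    "/etc/group": "wheel:x:10:root\nuucp:x:14:uucp\n",
    "/etc/sudoers": "root ALL=(ALL) ALL\n",
}
# Same files after the changes the quoted message describes (sudoers line is constructed).
CURRENT = {
    "/etc/passwd": KNOWN_GOOD["/etc/passwd"] + "zimbra:x:500:500::/opt/zimbra:/bin/bash\n",
    "/etc/group": "wheel:x:10:root,zimbra\nuucp:x:14:uucp,zimbra\n",
    "/etc/sudoers": KNOWN_GOOD["/etc/sudoers"] + "zimbra ALL=(ALL) ALL\n",
}

def fingerprints(files):
    """Map path -> SHA-256 of contents. Store this baseline off the host (read-only media)."""
    return {p: hashlib.sha256(t.encode()).hexdigest() for p, t in files.items()}

def changed_files(baseline, files):
    """Paths that were modified, added or removed relative to the baseline fingerprints."""
    now = fingerprints(files)
    return sorted(p for p in set(baseline) | set(now) if baseline.get(p) != now.get(p))

def new_accounts(old_passwd, new_passwd):
    """Account names present in the new passwd text but not in the old one."""
    def names(text):
        return {l.split(":")[0] for l in text.splitlines() if l.strip()}
    return sorted(names(new_passwd) - names(old_passwd))

def new_group_members(old_group, new_group):
    """Map group -> members added since the old group file."""
    def members(text):
        rows = (l.split(":") for l in text.splitlines() if l.count(":") >= 3)
        return {r[0]: {m for m in r[3].split(",") if m} for r in rows}
    old = members(old_group)
    added = {g: sorted(m - old.get(g, set())) for g, m in members(new_group).items()}
    return {g: m for g, m in added.items() if m}

def added_lines(old_text, new_text):
    """Non-blank lines in the new text that the old text did not contain."""
    old = set(old_text.splitlines())
    return [l for l in new_text.splitlines() if l.strip() and l not in old]

if __name__ == "__main__":
    print("changed:", changed_files(fingerprints(KNOWN_GOOD), CURRENT))
    print("new accounts:", new_accounts(KNOWN_GOOD["/etc/passwd"], CURRENT["/etc/passwd"]))
    print("new group members:", new_group_members(KNOWN_GOOD["/etc/group"], CURRENT["/etc/group"]))
    print("new sudoers lines:", added_lines(KNOWN_GOOD["/etc/sudoers"], CURRENT["/etc/sudoers"]))
```

A check like this only helps if the baseline and the checking tool are kept where an intruder with root cannot rewrite them.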




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
