Server hacked, Desperate for help with FC6

Grant M. gmongardi at napc.com
Sat Nov 25 12:17:59 EST 2006


Bill Horne wrote:
>> The Ubuntu Enterprise server we're using was compromised on a
>> non-privileged account once, but there isn't anything installed that
>> the user could use, so no worries. 

They had left a file '.sudo_to_admin' or somesuch in the user's home
folder, which strangely wasn't true at all. In fact, the user that they
had logged in as, didn't have much of any rights at all. The only reason
I had even checked it was because one of my RHEL boxes had been
compromised (using a PHP vulnerability). I suspect that it was done by
some sort of script, and had the user logged in later, would have
quickly realized that the account couldn't do much of anything.
Grant M.
-- 
Grant Mongardi
Systems Engineer
NAPC

gmongardi at napc.com
www.napc.com
(781) 894-3114 x240 phone
781.894.3997 fax

NAPC | technology matters
>>>>>>>>>>>>>>>>>>>>>>>> Please make a note of our new HQ address as of
May 23rd: 307 Waverly Oaks Road  Waltham MA 02452

