[Plug-security] I'm Cracked

G.D.Thurman thurmunit@user1.inficad.com
Tue, 15 Aug 2000 15:11:55 -0700 (MST)


It didn't take long, but my Red Hat 6.2 installation has
been cracked.  I did a basic install and nothing else.
It appears as though somebody did an anonymous 'ftp'
and did something that allowed them to create two
accounts (scam and x).  I cannot find any other files
that may have been copied onto the machine.  The machine
will be re-installed sometime soon, but at this moment
the only thing I've done is remove 'ftp' from /etc/passwd,
delete bogus accounts, and change passwords on the
remaining user accounts.  I'd like to do checksums
to see if programs such as passwd and login have been
replaced, but that is for another time.

Does anybody know how this crack was accomplished?

Thanks.

G.D.Thurman [CS/CIS Instructor]  Scottsdale Community College
phone:  480.423.6110    fax:  480.423.6101     icq:  65265811
http://www.inficad.com/~thurmunit/      thurmunit@inficad.com
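
An added example, not part of the original message: one way to audit /etc/passwd for the kind of change described above (unexpected accounts such as 'scam' and 'x') by comparing it against a known-good copy. It assumes a baseline passwd file from a trusted source such as a backup; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). audit_passwd and demo are
# hypothetical names; the sample files are constructed, not taken from
# the affected machine.

# audit_passwd BASELINE CURRENT
# Reports accounts in CURRENT that are absent from BASELINE, any
# non-root account with UID 0, and any account with an empty password field.
audit_passwd() {
    awk -F: '
        FILENAME == ARGV[1]     { known[$1] = 1; next }  # baseline names
        /^[ \t]*(#|$)/          { next }                 # skip comments/blanks
        !($1 in known)          { print "NEW " $1 " uid=" $3 " shell=" $7 }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        $2 == ""                { print "NOPASS " $1 }
    ' "$1" "$2"
}

# Build constructed baseline/current files in a temp dir and audit them.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/home/ftp:/sbin/nologin
gdt:x:500:500::/home/gdt:/bin/bash
EOF
    cat > "$dir/passwd.current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ftp:x:14:50:FTP User:/home/ftp:/sbin/nologin
gdt:x:500:500::/home/gdt:/bin/bash
scam:x:501:501::/home/scam:/bin/bash
x::0:0::/:/bin/bash
EOF
    audit_passwd "$dir/passwd.baseline" "$dir/passwd.current"
    rm -rf "$dir"
}

demo
```

On a host that may already be compromised, run this from trusted media against a copy of the file, since awk and the shell on the machine itself could have been replaced.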