[Plug-security] I'm Cracked

foodog@uswest.net foodog@uswest.net
Thu, 17 Aug 2000 21:21:51 -0700


  I know this isn't the studly thing to do but *if* it were
my box I'd:

back up user data and any custom config
repartition and do a fresh install
at least turn off, preferably remove, unneeded services
download the Bastille package, run it while you're still
paranoid and pissed
download portsentry and install it.

The assumption being you've got better things to do with
your time than play King Of The Hill with script kiddies.
;-)

Steve

"G.D.Thurman" wrote:
> 
> It didn't take long, but my Red Hat 6.2 installation has
> been cracked.  I did a basic install and nothing else.
> It appears as though somebody did an anonymous 'ftp'
> and did something that allowed them to create two
> accounts (scam and x).  I cannot find any other files
> that may have been copied onto the machine.  The machine
> will be re-installed sometime soon, but at this moment
> the only thing I've done is remove 'ftp' from /etc/passwd,
> deleted bogus accounts, and changed passwords on the
> remaining user accounts.  I'd like to do checksums
> to see if programs such as passwd and login have been
> replaced, but that is for another time.
> 
> Does anybody know how this crack was accomplished?
> 
> Thanks.
> 
> G.D.Thurman [CS/CIS Instructor]  Scottsdale Community College
> phone:  480.423.6110    fax:  480.423.6101     icq:  65265811
> http://www.inficad.com/~thurmunit/      thurmunit@inficad.com
> 
> _______________________________________________
> Plug-security mailing list  -  Plug-security@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-security

-- 
Carpe cerevisiae
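
An added example, not part of either message above: a baseline comparison of passwd-format files that flags the kind of change described in the quoted report, where accounts appear that nobody on the box created. The helper names `audit_passwd` and `make_samples`, the file names, and every sample entry (including the UIDs and shells given to `scam` and `x`) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data is constructed; it is not from the real incident.

# audit_passwd BASELINE CURRENT
# Prints one finding per line for CURRENT relative to the trusted BASELINE:
#   NEW_ACCOUNT name  - account that is not in the baseline
#   UID0 name         - account other than root with UID 0
#   EMPTY_PW name     - empty password field
#   CHANGED name      - UID, GID or shell differs from the baseline
audit_passwd() {
    awk -F: '
        FILENAME == ARGV[1] { base[$1] = $3 ":" $4 ":" $7; next }
        NF < 7 { next }                      # skip blank or malformed lines
        !($1 in base)           { print "NEW_ACCOUNT " $1 }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        $2 == ""                { print "EMPTY_PW " $1 }
        ($1 in base) && base[$1] != $3 ":" $4 ":" $7 { print "CHANGED " $1 }
    ' "$1" "$2"
}

# make_samples DIR: write a constructed baseline and a constructed "after" file.
make_samples() {
    cat > "$1/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/home/ftp:
alice:x:500:500::/home/alice:/bin/bash
EOF
    cat > "$1/passwd.current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/home/ftp:/bin/sh
alice:x:500:500::/home/alice:/bin/bash
scam:x:501:501::/home/scam:/bin/bash
x::0:0::/:/bin/bash
EOF
}

# Demo run on the constructed files.
tmp=$(mktemp -d) && make_samples "$tmp" &&
    audit_passwd "$tmp/passwd.baseline" "$tmp/passwd.current"
rm -rf "$tmp"
```

Take the baseline right after the fresh install and keep it off the machine, since a copy stored on a compromised host can be altered along with everything else.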