Re: how to tell when you have a hacker?

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Craig White
Date:  
To: Main PLUG discussion list
New-Topics: reinstalled system
Subject: Re: how to tell when you have a hacker?
On Fri, 2006-02-17 at 23:37 -0500, Mike wrote:
> Well, it seems it is all okay (not that I would know). I suppose I should run
> chkroot kit daily and see if anything new shoes up.
>
> and I do disconnect the network (if down eth0 or power off).... I don't leave
> my computer on overnight (usually) or even on durring the day..
>
> bmike1@0[bmike1]$ sudo env

-----
you've only been on the hsi for about a week and it's not likely your
box was cracked already but if you are using something really simple for
a password like mike or password and you have ssh open and on standard
port 22, it's not going to take all that long for someone to hack their
way in.

Also, you probably want to make certain that root can't log in via
password in sshd_config and all the rage now on Fedora/RHEL is denyhosts
package which automatically adds entries for ip addresses with 5 (or
configurable) consecutive failed login attempts in ... hosts.deny (duh)

Also, I've found it more peaceful to change the ssh port to something
above 1024.

Craig

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss