got cracked!
Hawke
proudhawk19021@home.com
Sun, 12 Nov 2000 20:26:23 -0700
your best bet as far as wu-ftpd is concerned,
upgrade the packages (and even get the security stuff).
also, in your ftpaccess file, change the check password from
"warn" to "enforce".
also, check to make sure your libs in the lib folder of your
ftp site haven't been changed as well.
anything else would require more expertise than I currently
have available atm.
Hawke
> Armin Hartinger wrote:
>
> drwxrwxrwx 7 110 203 4096 Nov 4 22:45 .
> drwxr-xr-x 14 110 203 4096 Sep 24 12:04 ..
> -rw-r--r-- 1 armin armin 2326 Sep 25 18:25 apache_pb.gif
> drwxrwxr-x 2 armin armin 4096 Sep 25 18:27 deborah
> drwxrwxrwx 4 armin armin 4096 Oct 10 14:45 dev
> -rw-r--r-- 1 root ftp 1431 Oct 24 20:06 index.html
> drwxrwxrwx 2 armin armin 4096 Nov 11 17:01 kristen
> drwxrwxrwx 3 armin armin 4096 Nov 11 16:08 lauren
> drwxrwxrwx 7 110 203 4096 Aug 16 1999 manual
> -rw-r--r-- 1 root ftp 66 Oct 24 20:04 old.html
> [armin@gateway /www]$
>
> Someone hacked into my little Linux gateway box. He defaced index.html
> and saved the old one as old.html
> That he appears as root/ftp, is that an indication how he got in?
>
> I had anon. ftp running, using the default one RH 6.2 ships with
> (wu-2.6.0).
>
> I suppose I have to completely re-setup that box, I just would like
> to know what hole to close there.
>
> Any ideas?
>
> If anybody wants to see the deface before I fix my box:
> http://24.221.63.194/
>
>
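The checks suggested in the reply above (the password-check mode in ftpaccess, which wu-ftpd spells `passwd-check`, and the files in the FTP site's lib folder), plus a scan for world-writable entries like those in the quoted listing, as an added example that is not part of the original thread. The function names, the example paths in the usage comment, and the idea of comparing against a reference directory copied from trusted media are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit helpers for an anonymous-FTP host. All paths are
# supplied by the caller; the reference lib directory is an assumption.

# Print the mode of the last active passwd-check line in an ftpaccess file
# ("enforce", "warn" or "unset"); succeed only when it is "enforce".
# Commented-out lines are ignored because their first field is not the keyword.
passwd_check_mode() {
    mode=$(awk '$1 == "passwd-check" { m = ($3 == "" ? "unset" : $3) }
                END { print (m == "" ? "unset" : m) }' "$1")
    echo "$mode"
    [ "$mode" = "enforce" ]
}

# List everything under a directory that any local user may write to.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# Compare each file in the FTP site's lib directory with the same-named file
# in a reference directory. Prints files that differ or have no reference.
changed_libs() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -f "$2/$name" ]; then
            echo "UNKNOWN $name"
        elif ! cmp -s "$f" "$2/$name"; then
            echo "CHANGED $name"
        fi
    done
}

# Usage (example paths): sh audit.sh /etc/ftpaccess /home/ftp /mnt/trusted/lib
if [ "$#" -eq 3 ]; then
    passwd_check_mode "$1" >/dev/null || echo "passwd-check is not set to enforce"
    world_writable "$2"
    changed_libs "$2/lib" "$3"
fi
```

On a machine that has already been broken into, run the comparison from rescue media, since the installed `find`, `cmp` and `awk` may themselves have been replaced.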