how to tell when you have a hacker?

Craig White craigwhite at azapple.com
Fri Feb 17 21:48:23 MST 2006


On Fri, 2006-02-17 at 23:37 -0500, Mike wrote:
> Well, it seems it is all okay (not that I would know). I suppose I should run 
> chkroot kit daily and see if anything new shoes up.
> 
> and I do disconnect the network (if down eth0 or power off).... I don't leave 
> my computer on overnight (usually) or even on durring the day..
> 
> bmike1 at 0[bmike1]$ sudo env
-----
you've only been on the hsi for about a week and it's not likely your
box was cracked already but if you are using something really simple for
a password like mike or password and you have ssh open and on standard
port 22, it's not going to take all that long for someone to hack their
way in.

Also, you probably want to make certain that root can't log in via
password in sshd_config and all the rage now on Fedora/RHEL is denyhosts
package which automatically adds entries for ip addresses with 5 (or
configurable) consecutive failed login attempts in ... hosts.deny (duh)

Also, I've found it more peaceful to change the ssh port to something
above 1024.

Craig



More information about the PLUG-discuss mailing list