[SLE] Hacked?

• Previous message: John Wilkes: "[SLE] cannot open root device"
• Next in thread: expatriate: "Re: [SLE] Hacked?"
• Reply: expatriate: "Re: [SLE] Hacked?"
• Reply: Carlos E. R.: "Re: [SLE] Hacked?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 28 Apr 2004 09:53:32 -0400 (EDT)
To: "[SLE]" <suse-linux-e@suse.com>

OS: SuSE 9.0

This is a new FTP installation updated via YOU. During the install, one
non-root user was created and used successfully for about a week. First
sign of trouble: we couldn't login with error indicating an incorrect
password. AS root we reset the password and can now login on a character
screen but when logging in under KDE, receive the following error:

        There was an error setting up inter-process communications with
        KDE. The message returned by the system was:

        Could not read network connection list
        /home/<user>/.DCOPserver_HBADMIN_0

        Please check that the dcopserver program is running.

A quick check of running processes shows no such process.

The KDE login fails and returns to a login screen. All other users can
login just fine.

Further, we tried removing this use and his home directory along with all
files/subdirectories but were unable to even list the following
dirctories:

        cannot access /home/<user>/.qt (permission denied)
        cannot access /home/<user>/.kde (permission denied)
        cannot access /home/<user>/.wine (permission denied)
        cannot access /home/<user>/Desktop (permission denied)

even as root.

Could this system have been hacked or compromised in some way? (How would
I go about checking this?) If so, what should we do about it?

(I did enable SuSEfirewall2 closing all ports to the outside world.)

Thank you,
Lucky Leavell

-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com

• Previous message: John Wilkes: "[SLE] cannot open root device"
• Next in thread: expatriate: "Re: [SLE] Hacked?"
• Reply: expatriate: "Re: [SLE] Hacked?"
• Reply: Carlos E. R.: "Re: [SLE] Hacked?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [SLE] Hacked? ... >non-root user was created and used successfully for about a week. ... AS root we reset the password and can now login on a character ... we tried removing this use and his home directory along with all ... I use rsync nightly to backup my entire home directory into a ... (SuSE) su from root ... between FreeBSD 4.6 and 5.3. ... If I login and then su to root ... login.access which does have a limitation to prevent the non-root user ... (freebsd-questions) Re: Startup and what startups.... ... List of Startup Programs Running at Login ... View All Running Processes ... Taskbar Repair Tool ... (microsoft.public.windowsxp.general) Re: authentication failure ... I can login as a non-root user, but not as a root user. ... I get message "Access denied" when longin using root via ssh. ... (Debian-User) Re: [SLE] Strange login behaviour ... If I log in as a non-root user and I type 'login', ... FATAL: cannot change permissions of TTY: Operation not permitted ... (SuSE)