[SLE] Was My Brand Spanking New SUSE 9.2 Installation Hacked First 12 Hours Online?
From: Paul Grope (pgrope_at_gmail.com)
Date: 06/22/05
- Previous message: Sid Boyce: "Re: [SLE] /var/log/boot.msg"
- Next in thread: Steven T. Hatton: "Re: [SLE] Was My Brand Spanking New SUSE 9.2 Installation Hacked First 12 Hours Online?"
- Reply: Steven T. Hatton: "Re: [SLE] Was My Brand Spanking New SUSE 9.2 Installation Hacked First 12 Hours Online?"
Date: Wed, 22 Jun 2005 09:56:24 -0400
To: suse-linux-e@suse.com
The only services running were Apache2 and SSH, configured out of the box.
Firewall configured out of the box.
Left the office at 7:30 pm.
From home, I logged in via ssh. That was about 9:30 pm.
This morning I tried to log in from home (about 8 am) but the ssh connection was refused.
When I arrived in the office (about 9 am) I inspected the box and
found very little to suggest an intrusion. A couple of
clues/curiosities.
There was one entry in the httpd log in the middle of the night.
A whole bunch of entries in message and warning log written by postfix
indicating that postfix was not running.
Most curious of all is that when I tried to create files as root, I
learned that the system was read-only. I tried to create a file in
the "/root" and "/" file systems.
Does any of this mean anything to anybody?