Re: [opensuse] system seems hacked...



Roger Oberholtzer wrote:
On Fri, 2008-02-22 at 23:17 +0100, Wolfgang Woehl wrote:
Donnerstag, 21. Februar 2008 Pavol Rusnak:

Just for the record, emech is energymech* - IRC bot programmed in
C, similar to eggdrop*, no exploit or rootkit fortunately.
Hi Pavol, I think what you say is naive at best. "Botnet" ring a bell?

Pavol RUSNAK SUSE LINUX,
s.r.o Package Maintainer Lihovarska
You seem to maintain tcpdump, libpcap, iptables and I sincerely hope that you don't take the same easygoing approach with those.

I think the hack is indeed as described. It was not really messing up my
system. It used it as a stage to probe other systems. I got a visit from
our IT department that there was a complaint about this server from some
external site. I was not surprised. It seems that the password changes
have resolved the issue. At least for now. I will have to keep watch for
something else. But I do not think the system was compromised. In
summary, I would say a user let someone use his account to run some
unexpected software.


A user like that needs two weeks unpaid vacation, so that
in the future, he can think more clearly at work before
"loaning" his account to some who wants to use it for
"unexpected software"

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx



Relevant Pages

  • Re: Is there any way to set iptables as a non-root user?
    ... > iptables as a non root user of the computer. ... User 'root' is there for special tasks (such as ... Newbies in Linux world are often afraid of root account, ... forget about running iptables from account other than root, ...
    (comp.os.linux.security)
  • Re: iptables anti-nimda anyone?
    ... Subject: iptables anti-nimda anyone? ... - The user account is activated on probation. ... There are no sweet ways to cure this. ... ISP's that don't cooperate should get no cooperation ...
    (Focus-Linux)
  • Re: IPtables web interface?? / Life with a dynamic ip...
    ... > have to constantly add my new ip address to the iptables. ... Get yourself an account with a dynamic IP/hostname service for your home ... If it has changed re-run iptables with the ...
    (comp.os.linux.security)
  • Re: IPtables web interface?? / Life with a dynamic ip...
    ... > have to constantly add my new ip address to the iptables. ... Get yourself an account with a dynamic IP/hostname service for your home ... If it has changed re-run iptables with the ...
    (comp.security.firewalls)
  • Re: IPtables web interface?? / Life with a dynamic ip...
    ... > have to constantly add my new ip address to the iptables. ... Get yourself an account with a dynamic IP/hostname service for your home ... If it has changed re-run iptables with the ...
    (comp.os.linux.networking)