Re: Are We Being Paranoid?
It has been over a decade since I was hacked. I've described both situations on here before.
Originally Posted by Merisi
Once was in 1993, before anyone really had firewalls, and the other time was in 2000 when I was running a 3-month-out-of-date BIND version.
The 1st time I was on a government network using an early, very easy to use Linux with X/Windows install. They came into my machine, changed the root login and deleted my user account. It was probably an internet script searching for default root logins. I was much younger and much less informed back then. No data was lost and the remote machines I was connected into were not impacted in any way either.
The 2nd time, ZERO damage was done - I'm 100% positive because backups proved all other files to be unchanged. I was running a name server for my home network, but had allowed it to be seen from the internet. At the time, BIND and Sendmail were the most likely remote attack vectors into any UNIX system. I was just a few months behind on the BIND patches, but that was enough. The script that got in never broke out of the bind userid and only wrote files under /tmp. Then it tried to escalate privileges using a Perl timing bug that the system had been patched to prevent. Every attempt caused an email to be sent to me - over 140,000 in a few hours. I disconnected from the internet and started my research using a 7 day old backup. It was pretty enlightening.
Versioned backups are the single best and most important solution for computer security. Nothing, NOTHING can solve all the problems that daily, weekly, monthly backups can solve. AV is nice, but never 100%. Most seem to be 50% in real world use, though the AV companies will claim 80-95% coverage. I think that is the marketing people.
A simple mirror backup is better than nothing, but doesn't handle all the times when file corruption occurs or all the times that many weeks pass before anyone notices a virus infestation.
Versioned backups are the best answer.
Linux User since 1993. Loving Linux since 1996.
When you find the solution, please come back to this thread, explain the solution, and mark it SOLVED to help the next guy.
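The versioned-backup approach the post recommends, together with the backup-versus-live comparison the author used to confirm nothing else was touched, as an added example (this is not code from the post or from any project it mentions). It assumes a local source tree and a backup directory; the snapshot names, file contents and the `demo()` tree are constructed here.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(src: Path, backup_root: Path, name: str) -> Path:
    """Full tree under backup_root/name; files unchanged since the previous snapshot
    are hard-linked instead of copied (rsync --link-dest style). Snapshot names are
    assumed to sort chronologically, and snapshots must never be edited in place."""
    backup_root.mkdir(parents=True, exist_ok=True)
    prevs = sorted(p for p in backup_root.iterdir() if p.is_dir())
    prev = prevs[-1] if prevs else None
    dest = backup_root / name
    for f in (p for p in src.rglob("*") if p.is_file()):
        rel, out = f.relative_to(src), dest / f.relative_to(src)
        out.parent.mkdir(parents=True, exist_ok=True)
        old = prev / rel if prev else None
        if old is not None and old.is_file() and _sha256(old) == _sha256(f):
            os.link(old, out)      # identical content: share the inode, costs no space
        else:
            shutil.copy2(f, out)   # new or changed: store a fresh copy, old version kept
    return dest

def changed_since(snapshot_dir: Path, live: Path) -> dict:
    """Hash every file in a snapshot and in the live tree and report the difference:
    the check that lets an old backup prove which files were touched."""
    def tree(root):
        return {str(p.relative_to(root)): _sha256(p) for p in root.rglob("*") if p.is_file()}
    snap, now = tree(snapshot_dir), tree(live)
    return {"added": sorted(now.keys() - snap.keys()),
            "removed": sorted(snap.keys() - now.keys()),
            "modified": sorted(k for k in now.keys() & snap.keys() if now[k] != snap[k])}

def demo() -> dict:
    """Constructed sample: snapshot, then an unwanted edit to the live tree, then snapshot again."""
    tmp = Path(tempfile.mkdtemp())
    src, root = tmp / "etc", tmp / "backups"
    src.mkdir(); (src / "hosts").write_text("127.0.0.1 localhost\n")
    (src / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
    s1 = snapshot(src, root, "day1")
    (src / "passwd").write_text("root:x:0:0::/root:/bin/sh\nextra:x:0:0::/:/bin/sh\n")
    (src / "hosts.bak").write_text("x\n"); s2 = snapshot(src, root, "day2")
    return {"vs_day1": changed_since(s1, src),
            "shared_inode": (s1 / "hosts").stat().st_ino == (s2 / "hosts").stat().st_ino}
```

A mirror backup would have overwritten `day1/passwd` with the altered copy; the versioned tree keeps both, so `changed_since(day1, live)` still names the modified and added files.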