
Thread: I've been hacked

  1. #11
    Join Date
    Aug 2006
    Location
    Oz
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I've been hacked

    Thanks everyone for your wise words. Although I've used Linux since Ubuntu 6.06, I'm still pretty naive about network security. Hopefully this thread will help others before this happens to them.

    For the record, I have re-installed from a pre-hack back-up.

    unspawn: what are these services that are easy to gain entry with?

  2. #12
    Join Date
    Jun 2011
    Beans
    417
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: I've been hacked

    Hi

    Sorry to step in - everything which is accessible from outside and which is unpatched or due to wrong system administration is a security threat. You have to check what else you have to enable and only enable services/servers which you really need for outside services/server communication and enable apparmor (minimal setup/system). In case there is no apparmor profile I can only suggest that you study apparmor documentation and create yourself a profile for the offered service/server in case there is none available. However study the provided apparmor profiles too as there is room for improvements (for my taste some of them are relaxed) - you know your system and what is needed - tailor a strict profile.

  3. #13
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: I've been hacked

    Originally Posted by Mahyar:
    "what are these services that are easy to gain entry with?"

    That depends on what's exposed, what authentication and what vulnerabilities are involved. Historically that means any R* services, for Desktop systems Vino and equivalents were mentioned quite a lot in this forum, these days commonly SSH with easy-to-guess passwords instead of pubkey auth and whatever runs in the web stack. For example running vulnerable outdated versions of forum or web log software, plugins, themes and such. While the web server user has fewer privileges than root it can store files, maybe run cron jobs, send email and such. That may not mean much at first sight, the majority of easy-to-exploit situations are only abused for sending spam or running a bot, but leaving events undetected or not correcting them timely allows an attacker to gain a foothold and seek to compromise the system more thoroughly and at a leisurely pace. The problem with that is not only a local security risk but also an increased threat for adjacent systems: which basically means us as we're all connected via the 'net. Loading a backup still requires you to change passwords / pass phrases and assess the system for loopholes.

    Two things you should learn from your mishap are that security is a continuous process requiring a layered approach and that Linux may be free to use but using it is not free of responsibilities.
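
A defensive check for the two points raised in the replies above (which services are reachable from outside, and whether SSH still accepts passwords), added here as an example and not part of any poster's reply. It filters the output of `ss -H -tln` and `sshd -T`; the function names, the port allowlist and the sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag network-reachable listeners and weak sshd settings.
# Live use (commands assumed present on the host):
#   ss -H -tln | exposed_listeners 22
#   sudo sshd -T | weak_ssh_settings

# Constructed sample of `ss -H -tln` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 80 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*'

# Constructed sample of `sshd -T` output (effective config, lowercase keys).
SAMPLE_SSHD='port 22
permitrootlogin prohibit-password
pubkeyauthentication yes
passwordauthentication yes
permitemptypasswords no'

# exposed_listeners ALLOWED_PORTS: reads ss lines on stdin and prints
# "address port" for every listener that is not bound to loopback and whose
# port is not in the comma-separated allowlist (hypothetical helper).
exposed_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        if (port in ok) next                           # intentionally exposed
        print addr, port
    }'
}

# weak_ssh_settings: reads `sshd -T` output on stdin and prints the settings
# that allow password guessing or direct root login (hypothetical helper).
weak_ssh_settings() {
    awk '
    ($1 == "passwordauthentication" || $1 == "permitrootlogin" ||
     $1 == "permitemptypasswords") && $2 == "yes" { print $1, $2 }'
}

printf '%s\n' "$SAMPLE_SS"   | exposed_listeners 22
printf '%s\n' "$SAMPLE_SSHD" | weak_ssh_settings
```

On the sample input this reports the web server on port 80 and the VNC listener on 5900 as reachable, and `passwordauthentication yes` as the SSH setting to change.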

  4. #14
    Join Date
    Jul 2011
    Beans
    141
    Distro
    Ubuntu Gnome 14.04 Trusty Tahr

    Re: I've been hacked

    Originally Posted by tripp98:
    "Also give them something to do. Install a honeypot and forward 22 to it. It's designed to capture what the hackers try to do."

    Care to mention any honeypots?

  5. #15
    Join Date
    Mar 2013
    Beans
    115

    Re: I've been hacked

    http://www.tracking-hackers.com/solutions/

    I have used honeyd. It's fun watching what people try to do.
    It logs everything they type.
