l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2004 May 01 14:55

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Password Security...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Password Security...



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 01 May 2004 09:34 am, William Perdue william-at-williamperdue.com 
|lugod| wrote:
> Hello, I'm William...
>
> I've been having some trouble with my security in my server.... I am
> running Red Hat Linux 9 with the Linux SSH Client software.
>
> Looking through my logs, I found that a hacker got hold of my Root
> password... it was _not_ the default (it was 17 characters) .... the server
> sits behind my router with a local IP address
>
> My Firewall is set at a high level  and The Server config is far from the
> defaults...
>
> My Question: could they have obtained my root password?..

I got nailed last august after logging into my box from the shell server at 
XXXXXXX, which had a rootkit on it that was intercepting passwords and what 
not being fed to the ssh client.

Have you SSHd to your computer from any systems you don't fully trust?

Also, it is adviseable to disable root logins in SSH unless you need them.

- -- 
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90  34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177BC7`
Also available at http://www.XXXXXXX/~ryan/ryan_at_mother_dot_com.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAlBS2Ed9E83IXe8cRAhUvAJ96zsXVIx84QK38GHz9RhXfkbyIjACgtgde
0/OsGYEUhDh3VkEZu6rzJm8=
=vaox
-----END PGP SIGNATURE-----
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.