07-24-2019
Our system was hacked
Someone made a mistake, and left our router wide open, pointing all ports to a SCO 6.0.0 system.
Within 24 hours, the following happened.
The contents of all the files (except tar files) in three directories, one directory on each of three different file systems, were replaced with nulls. None of the inode data was changed, meaning that the output of 'ls -l' was the same before and after. In two of the directories the file permissions were 0664, and in the last, the permissions were 0644 and files owned by root.
I have not been able to find anything in any of the log files to indicate who or when this happened.
Since we had adequate backups there was no long term damage.
Any thoughts would be appreciated.
This User Gave Thanks to jgt For This Post:
3 More Discussions You Might Find Interesting
1. Linux
Hi,
i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply,
i think someone has put an script which generates enables the rules.
But after restarting the iptables everything seems to be working... (0 Replies)
Discussion started by: naik_mit
0 Replies
2. Cybersecurity
One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage.
The more sophisticated the hacker, the less likely... (8 Replies)
Discussion started by: binhnx2000
8 Replies
3. Cybersecurity
Hi,
There is a recent case whereby it was reported that one of the production servers was hacked on port 1521. However, I am not sure how this was possible, as I checked that the OS firewall (iptables) is on :
# /etc/init.d/iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num ... (7 Replies)
Discussion started by: anaigini45
7 Replies
LEARN ABOUT XFREE86
dh_fixperms
DH_FIXPERMS(1) Debhelper DH_FIXPERMS(1)
NAME
dh_fixperms - fix permissions of files in package build directories
SYNOPSIS
dh_fixperms [debhelperoptions] [-Xitem]
DESCRIPTION
dh_fixperms is a debhelper program that is responsible for setting the permissions of files and directories in package build directories to
a sane state -- a state that complies with Debian policy.
dh_fixperms makes all files in usr/share/doc in the package build directory (excluding files in the examples/ directory) be mode 644. It
also changes the permissions of all man pages to mode 644. It removes group and other write permission from all files. It removes execute
permissions from any libraries, headers, Perl modules, or desktop files that have it set. It makes all files in the standard bin and sbin
directories, usr/games/ and etc/init.d executable (since v4). Finally, it removes the setuid and setgid bits from all files in the package.
When the Rules-Requires-Root field has the (effective) value of binary-targets, dh_fixperms will also reset the ownership of all paths to
"root:root".
OPTIONS
-Xitem, --exclude item
Exclude files that contain item anywhere in their filename from having their permissions changed. You may use this option multiple
times to build up a list of things to exclude.
SEE ALSO
debhelper(7)
This program is a part of debhelper.
AUTHOR
Joey Hess <joeyh@debian.org>
11.1.6ubuntu2 2018-05-10 DH_FIXPERMS(1)