Security :: /tmp Exploit User Getting Heavily Spammed?
Jun 8, 2011
I've got a user getting heavily spammed but other users on the same domain are fine. It all started last night; here's some info...
-rwsr-xr-x 1 root root 700492 Jun 8 18:18 exploit
I've got loads of these in 'top'
5975 dovecot 15 0 3712 1712 1432 S 0.0 0.2 0:00.00 imap-login
and these in ps dovecot
dovecot 5250 5533 0 13:05 ? 00:00:00 pop3-login
root 5533 1 0 11:21 ? 00:00:00 /usr/sbin/dovecot
root 5534 5533 0 11:21 ? 00:00:00 dovecot-auth
dovecot 5663 5533 0 12:15 ? 00:00:00 pop3-login
ps exim I've got
Code:
mail 19725 32303 0 15:03 ? 00:00:00 /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
mail 19732 19725 0 15:03 ? 00:00:00 [exim] <defunct>
mail 20142 19725 0 15:03 ? 00:00:00 [exim] <defunct>
[code]....
Feb 12, 2011
Has anybody else seen this kind of attack? I see those messages on 2 exim mailservers. Looks as if someone sends a 50MB big mail header :S What is their goal apart from increasing my traffic?
Code:
2011-02-12 07:48:53 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=ns33.medialook.net [91.121.108.5] input="GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
[Code].....
Dec 15, 2010
I was just wondering whether a directory (I know that's just a special file) could be a security problem, as they have execute permissions? Could an exploit be attached to a directory? Has this ever happened?
Apr 8, 2010
I've been looking awhile now, but no patch for this is yet to be found. Does anyone have more info, or better, a fix? Last version from GNU's ftp server is also vuln as of this writing.
Nov 8, 2010
A researcher at security firm Alert Logic has published code that could be used to compromise some versions of Google's Android Operating System. The exploit, if properly adapted, could make Android phones vulnerable to remote attacks and compromises.
Jan 9, 2010
I've scanned my computer (I'm using Ubuntu 8.04 Hardy Heron) and ClamAV has reported that it has found a virus called Exploit.PDF-9669. What seems strange to me is that such a warning always happens (or, at least, in most cases) in the same folder tree "sys" and ClamAV issues the very same virus/malware warning (Exploit.PDF-9669).
An example:
sys/devices/virtual/vtconsole/vtcon0/uevent: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/address: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/broadcast: Exploit.PDF-9669 FOUND
sys/devices/LNXSYSTM:00/device:00/uevent: Exploit.PDF-9669 FOUND
My ClamAV version is 0.94.2/10275/Fri Jan 8 22:06:46 2010. It has not been updated since I installed Hardy on my computer last year. Is my computer in danger?
Jun 9, 2010
I read this morning that Microsoft and Adobe Flash released a huge security update to counter the threat of malicious apps taking over systems. Included in the fix was Excel spreadsheets. Apparently a hacker could send a spreadsheet that if opened could remotely take over your machine. I opened my update manager and there was a sizable Open Office and Java update.
Question: Are Linux/Ubuntu machines susceptible to the security flaws?
Question: Since Adobe Flash is considered proprietary and not updated through the Ubuntu update manager, do I have to manually update that package?
Jan 23, 2011
So what is the term used when your web site is getting spammed from many different IP addresses, hits are minutes apart?
May 12, 2011
I need assistance with my Snort Installation. I used Bodhi Zazen's Network Intrusion Detection System post and found it easier than the previous time I had done it. I am currently running Ubuntu 10.04 server and Snort 2.8.6.1 with BASE 1.4.5. I followed Bodhi Zazen's instructions and when I tested snort it ended with a Fatal Error due to ERROR: /etc/snort/rules/exploit.rules(264) => 'fast_pattern' does not take an argument
Fatal Error, Quitting.. Here is the entire output once I ran the test command: snort -c /etc/snort/snort.con -T Running in Test mode
[Code]...
Feb 2, 2011
I created a user but I forgot to change the home directory permission. So after the user was created, when I go to the user and group management I can't see the permission field related to the home directory permission. My purpose is to stop other users from accessing my home directory; how can this be possible?
Dec 8, 2010
Dan Rosenberg has issued another Linux Kernel Exploit with PoC described in LWN [URL] I have tested that this exploit is not working on -Current (custom kernel, 2.6.36.1), which is a good sign that Slackware is already immune to those problems.
Apr 15, 2009
I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
Mar 13, 2011
I am a student taking part in a competition. We have a set of questions to complete within today. Can anyone please help me out with it? I have a custom written "echo" program in C, running on port number "1220" which echoes back the first 16 characters of whatever is given as the first command line argument. But somehow, my brother had got unauthorized remote root access. The program is given below. How did he do it? Please give the exploit code and explain how it works.
#include
#include
void echo(char* input) {
[code]....
Feb 2, 2011
What security mechanisms are used by recent versions of the Linux operating system during user authentication?
Dec 14, 2010
Exim user can get owned by a remote exploit [URL].. I was running Exim 4.63 5.el5_5.1 on CentOS 5.5 x86_64 and my Exim user got owned by that exploit.
Now I ran yum update and exim updated to 4.63 5.el5_5.2. I cannot find anywhere if this update fixes the exploit.
May 10, 2011
CentOS using yum to update Exim. Exim is configured to not allow remote connections using the local_interfaces config option. My old version was 4.63-5.el5_5.2 and after using:
yum update exim
Mar 27, 2010
I'd like to limit ps aux command outputs to current user only (the one who invoked "ps"). I recently saw this feature on FreeBSD systems and on at least one Linux system running on shell.sf.net. I run Linux 2.6.33, I wanted to know how to make that. Any advice? Googling around wasn't too successful, perhaps I don't know how to query that, recently tried with "limit ps outputs" "ps aux current user", etc... had no luck.
Apr 13, 2010
Please guide how to perform the below activities:
- Make sure the Guest account is disabled or deleted.
- Disabled or deleted anonymous access
- Set stronger UserID policies
- Set Key Sensitive UserID Default enable in Linux
- Combination of numbers, letters and special characters (*,!,#,$,etc.)
Status of UserID
Type
User Name
[code]....
Jan 6, 2010
set a Linux user (RHEL 3.x and RHEL 5.x) to no direct login via ssh but still allow an su to it from other accounts. setting the shell for the user to /sbin/nologin, which, according to the Google hit, should not affect an su to the account. I tried that and when I attempt an su to the account, the message received is "This account is not currently available".
Apr 20, 2010
I have recently moved back to Linux as my primary desktop platform and have begun to use ssh keys for a lot of things. Logging into remote machines but also things like github, bitbucket, and a mercurial-server instance. The managing of my keys has become a little cumbersome. For example, I have the following OSs that I may use on any given day:
- Primary Linux Desktop
- Laptop w/ Windows 7
- Laptop w/ Linux
- Local Linux Server
- Production Linux Server
On each of those OSs, I have a user and from any of them I might need to pull code from a mercurial-server instance. That means I have to set up five "users" on the mercurial-server instance to give just one person (me) access from all locations. So, I was wondering what the best practice for this setup is. Can I use just one key pair for "me" and install the .pub key on all my systems? If I do that, then on most of those systems, the .pub key will be installed and also be in the authorized_keys file (i.e. I want to be able to log in to the production server from my local Linux box but also be able to log in to mercurial-server from the production server), is that a problem?
Finally, I have been wondering about the wisdom in using the same public key for all services. For example, I currently use the same key to login to my production linux server as I use to login to bitbucket. If there was a malicious admin at bitbucket, or any third party I am using a key with, then they can get access to my user on my production system b/c they know my .pub key.
Apr 7, 2011
I'm new to Fedora 14, and I have a basic business case:
I want to setup a user which should
- only connect to the server with SSH (ex.: no X11 connection).
- cannot change its shell
- cannot do any SU / SUDO command
This user is very similar to a SERVICE user, as I expect him only to run a single program (its shell).
Jul 30, 2010
I was apparently invaded this morning via my private FTP server. The invader logged in with my user name and apparently knew the password for the account. The system is Hardy LTS 8.04.4, fully updated. I have backups that pre-date the intrusion, stored on another system, so am not totally averse to reformatting and reloading everything -- although I'd like to avoid it if possible. The "passwords.txt" file contains only a few passwords for online forums, including this one; it does not include anything critical such as banking information. I'm most concerned about the implications of the ssh config data...
Sep 26, 2010
This is probably trivial, but I can't seem to find the solution myself. I have donated my old laptop to a "public" one for everyone that hangs around my house. I've made an extra user account on it, so now it has two, one for me (fafler) and one for everyone else (bruger). Fafler can sudo to do stuff as root, bruger cannot, as I wrote the password on the laptop and I don't want anyone to mess it up beyond making another clean account.
Now, to get root access from the bruger account, I need to
Code:
bruger@carbon:~$ su -c "sudo whoami" fafler
Password:
[sudo] password for fafler:
root
bruger@carbon:~$
and I need to type my password twice.
So, how do I set up sudo to ask for fafler's password instead? Or are there any other neat tricks to get around this?
Nov 8, 2010
I have (my) main account, which I have root access. I also have other users which can login, I set up a wvdial shortcut on their desktop, but it won't allow them to use it because they aren't in the sudoers list. I do not and don't want them to have access to other hard drives or root. How do I accomplish this? I did a chown on the wvdial file in ppp to myself, and added read access for other users, but it still won't let them use wvdial due to sudoers.
This is in ubuntu hardy with a multiboot vista/xp/hardy laptop. BTW, wvdial works great in my account/desktop.
Apr 22, 2011
Having trouble adding a regular user with ssh access on Hardy 8.04. I can ssh into root, but not into the newly created regular user with the same ~/.ssh/authorized_keys
Code:
sshd_config has:
AllowGroups sshlogin
AllowUsers user root
[code]....
What could be preventing ssh login to ~user? And yes, I would like to disable root ssh access, but it would be nice to be able to ssh into user first.
Jun 5, 2010
How do I add root permissions to my user account?
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
Apr 7, 2010
I just want to disable the rm command for a user. Root only needs to use that.
Apr 8, 2009
I have a Windows 2003 Active Directory and a dansguardian transparent web filter. I want dansguardian to filter according to who is logged on the workstation. Can this be possible?
May 24, 2009
This question is regarding squid based security. We would like to enforce browser security onto our users and would like to know if anyone has performed this. Our goal is to check a user's browser version/plugin level before allowing them to access the internet in our organization. If their browser does not meet a standard compliance level such as patches or if they are using IE 5.0 we would redirect them to a page telling them that they need to update their browser before access will be permitted. Has anyone performed any types of checks like these?
May 25, 2011
I would like to detect every login on my server. Not only ssh logins (virtual terminals) but also physical logins. There is a way to use nagios or a script to watch log files. But I would like to know, is there a way to catch that information one step before? I thought about watching /dev/pts for changes but that is not different than log watching and everything does not appear in /dev/pts, like an ssh tunnel (ssh -N user@server). These are only visible in logs because ssh tunnels do not open terminals. But I would like to be able to catch these on login.