Ubuntu Security :: Data Cha0s Connect Back Backdoor

Aug 28, 2010

I believe that the attacker somehow got in through the ssh daemon (OpenSSH 5.3p1) on June 12. From here, a user account named "crond" was created (can anyone confirm whether this is normal?) and according to the log, this account was accessed several times between Jun 12 and Jun 18 from the same IP address. Also on Jun 12, the MOTD on the ssh server was messed up and remained that way until it was reinstalled. The default ssh client (OpenSSH 5.3p1) was made completely non-functional.

I became alerted to the problem when my ISP advised me to run a virus scan on the machines on my network. Not knowing of any Linux-based anti-virus software, I decided to check for suspicious files on my hard drive. I found one: in the /tmp directory was a subdirectory called ".popscan". Inside was a script and a list of about 40 very default-sounding usernames and passwords. There was also a file called "back.txt" in the root of my filesystem, which is a Perl script that apparently spawns a shell.

At this point I disconnected the server from the internet and mirrored the drive. I found a suspicious home directory for "crond". I'm hesitating on setting up the server again for fear that it might just get rooted again. I would also like to find out how he got in so it can be prevented for other people as well.

Ubuntu Security :: Possible Backdoor On Computer?

Apr 13, 2010

I was looking at my firewall (firestarter) logs. It shows that a program named Master's Paradise has been trying to make connections to outside from my computer on port 3129. Why would I have something like this on my machine? Is this something I need to be worried about? Or is some legitimate program using port 3129 and the firewall log is still showing it as Master's Paradise?

Ubuntu Security :: Hidden Backdoor In AT&T 2Wire Modem/Router?

Aug 11, 2011

My 2Wire router/modem I got from AT&T for my DSL has port 3479 TCP open and I can't figure out how to close it. It's open to the entire internet. From a quick Google search it's some port AT&T can use to update the modem's firmware or something. Considering how in bed AT&T is with government agencies, it seems like an easy way for the government to get into my home network just by using what seems to me a backdoor put there by AT&T. Any way to close this or secure it? Right now I'm using the hardware as my main router for my home network. I have a Linksys I modded with DD-WRT. I'm thinking of re-configuring my network to use the DD-WRT router as the main router and the 2Wire just as a modem. The 2Wire is a hybrid modem/router and I'm kind of lazy and don't feel like re-configuring my entire network if I can just close the port.

Security :: Connect To Another Server (B) To Transfer Data Everyday?

Apr 13, 2010

I have a server A that needs to connect to another server (B) to transfer data every day. [A] ==SFTP==> [B]

I am using SFTP for the data transfer between A and B. I configured B to allow authentication only with a key, not with a password. However, anybody who accesses the filesystem of A could steal the password.

So I thought I could password-protect the private key from A. But in such a case, I need to store the password somewhere on A, so the server A can access the private key to connect to B. Finally, it is endless: I always have to store a secret somewhere on A. Is there another solution that allows authentication between A and B without storing a plain-text secret on the server A?

Ubuntu Security :: Www-data Security Permissions?

Mar 17, 2010

I'm running Apache2 under Ubuntu 9.10. My problem is that I use my own user "wavesailor" to work on my websites. I kept all my sites under /var/www and I set up the security of the directory after following the guidelines.

Code:
sudo chown -R root:root /var/www
sudo chown -R www-data:www-data /var/www/*

[code]...

Ubuntu :: How To Back Up My Old Data Before I Reinstall

Oct 22, 2010

Okay so I made a mistake and I have to reinstall Linux (see: http://ubuntuforums.org/showthread.php?t=1602329)

Since I can no longer boot to my existing installation (the graphical version OR the text version), I am having trouble saving off what I don't want to lose.

Can I boot from the CD and get to my stuff through there? I am in the CD version of Mint right now (posting this) and I cannot navigate to /home/myusername/ (obviously). So where would I find those files?

Do I have to mount that partition or something? It looks like a lot of my stuff is mounted already in this CD version... which worries me.

An alternative is that I still have Windows 7 installed that I can boot to if needed. If that's a way to extract my files I am all for it.

Server :: Create Backdoor Account To Use To Get In If Divulge Root Password

Nov 23, 2010

I have a Debian VPS webserver running a forum, and I'm currently looking for a secondary tech-admin. Since they'll have to have the root password for the server, I'm looking for a way to create a backdoor account that I can use to get in if they divulge the root password, or go crazy and lock me out. Is there a way to do it?

Slackware :: H Article: Vsftpd Backdoor Discovered In Source Code?

Jul 4, 2011

Before anyone panics, the source tarball for Slackware 13.37 doesn't appear to be the "bad" tarball that Chris Evans mentions here:

[URL]

Code:

$> sha256sum vsftpd-2.3.4.tar.gz
b466edf96437afa2b2bea6981d4ab8b0204b83ca0a2ac94bef6b62b42cc71a5a vsftpd-2.3.4.tar.gz

I checked str.c for the call to vsf_sysutil_extra() if the user is specified as and I also checked for the rogue shellcode in sysdeputil.c but I didn't find it, so it looks like the backdoor was uploaded recently.

[URL]

Quote:

Chris Evans, aka Scary Beasts, has confirmed that version 2.3.4 of vsftpd's downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd - which is described on its web site as "probably the most secure and fastest FTP server for Unix-like systems" - was alerted on Sunday to the fact that a bad tarball had been downloaded from the vsftpd master site with an invalid GPG signature. It is not known how long the bad code had been online.

The bad tarball included a backdoor in the code which would respond to a user logging in with a user name "" by listening on port 6200 for a connection and launching a shell when someone connects. Evans has now moved the source code and site to [URL] a Google App Engine hosted site. The GPL-licensed source code can be downloaded (direct download) from the same site, along with the GPG signature for validating the download, a step that Evans recommends. Evans says that the lack of obfuscation and lack of victim identification leads him to believe that "perhaps someone was just having some lulz instead of seriously trying to cause trouble".

Ubuntu :: Accidentally Lost External Data / Get That Back?

Jul 29, 2010

So I am working on a client's PC, and after I saved their data on an external hard drive I left it plugged in while I reinstalled Windows for them... I HATE Windows. Stupid OS doesn't know any better than to just go deleting everything. Ubuntu would have known better than to delete multiple hard drives like that.

Anyway, please tell me I can salvage this data for my client? It was probably just reformatted. The data should still be there right?

Ubuntu :: Mistakenly Lost Data From External HDD / Get That Back?

Sep 21, 2010

I have a problem I don't know how to solve. Today I bought a netbook and while waiting for the new Ubuntu Unity release to come out, I thought of trying out Crunchbang instead of Windows that came with it. Browsing on my Ubuntu desktop machine, I found a guide for making a Crunchbang live USB stick, and I followed the procedure. However, I made a very stupid mistake. The guide said I should enter the command:
sudo dd if=/path/to/iso/crunchbang-10-alpha-01-openbox-i686.iso of=/dev/sdX bs=4M;sync

where the "of=...." part should be replaced with the name of the HDD. I forgot that I have an external HDD mounted and mistakenly copied the data to it.
After this, I cannot see the content of my external HDD anymore. Instead, I have this 620mb large Crunchbang-install device.

I know what I did was stupid, but is there a way to get the content of my HDD back? I have some valuable data on it.

Fedora :: Lost My Old Data / Get It Back?

Jan 26, 2010

I was trying to free some memory as my /var was about to fill. I went to Add/Remove Software and tried to remove some of the unwanted software, and it asked for dependency and I clicked OK. After a while I saw some of my applications like Evolution, Empathy blackening and I killed the uninstallation. I was sure by that time that something wrong had happened, and I did not switch off my monitor so that I could retain my applications. I tried a lot to increase the /var so that I could update my yum and install some lost applications, but all in vain. I tried Gparted, which can only decrease the size.
I had 40 GB unallocated space, so I tried to boot from the Live Fedora 12 DVD and was able to see all my files and filesystem.
All my data in /home was intact. I tried to go to grub and went to boot the kernel and initrd and was able to go to #root, but again was not able to update the system as the network was missing. The system was not booting and got stuck in between.
Tried to change the /var to var1, copied /var content to /var1 and made changes in the /etc/fstab; still did not work, so finally went to repair with the Live CD but could not get "Linux rescue" anywhere, not even an upgrade option, so finally installed the new Linux without touching the / and /home partitions; the rest were deleted and formatted for the new installation. Now I could not see my data in the /home directory, although I could see data in /root(old) and all. I am now lost, my data is nowhere, please help me. I can only see /home(old) but it says empty and shows 6 GB unused and 3.3 GB used when seen in Gparted.

Ubuntu :: Unmounting USB-drive (flash Memory) - Get Data Back?

Jan 6, 2010

I stupidly unplugged my USB cable, which was connected to my Nokia music phone, just as if I were in Windows. What do I do? I've lost my music on the phone, or, it seems it may be there (the correct mass of data), but my phone now tells me there is no music... Can I recover this? And what is the correct way to unplug a USB unit in Ubuntu? To make it work, and find the phone/drive, I just typed "sudo lsusb" in the terminal, and it found and opened the memory automatically... How should you unmount the USB, and maybe even how do I get my data back?

Debian :: How To Use Time Machine On Mac To Back Up Data

Apr 12, 2016

I want to back up my data on my MacBook Air using time machine. I have a desktop with Debian gnome installed where I want to store my back up data. But I can't manage to find a hard drive to start time machine on.

I have four hard drives installed in my Debian computer and I also want to share them over my home network. I am very new to Debian ...

Red Hat / Fedora :: Growing RAID5 Without Back Up Data?

Feb 15, 2011

I am trying to build a media server for my home and am still in the process of evaluating my OS options (Ubuntu Server, Fedora Core, or Win Server). I am planning to use four 1TB drives initially for the RAID5 array. Once it fills up I will add more 1TB drives.

My question is: can Fedora Core create a RAID5 array and grow it later without having to back up data to an external hard drive and re-create the array? I am looking for something that is easy to use and manage. If Fedora Core doesn't have this option, can you recommend other distributions that can do this?

General :: Data Lost While Copying Files / Get Them Back?

Dec 8, 2010

A directory /test/test1 is created and under /test1 there are some files and subdirectories with data in them. I had copied the files (text and script files) with the command

cp -irv /test/test1/.* /test as per the requirement, but what I see in the destination, i.e. /test, is that no files or directories have been copied into /test, and the files/directories are also removed from the source, i.e. /test/test1.

So my query is: how can I get the files/directories back with data?

General :: Best And Easy Tool To Use In System To Back Up Data From Windows?

Apr 20, 2010

I want to know which backup tool is used in Linux to back up data from a Windows machine to a Linux machine, is amenda? Please guide me.

Also tell me where to download it from?

General :: Can't Format Kingston 8GB Data Traveller G2 - Fix Partition Table Back?

Oct 25, 2010

I used a Kingston 8GB flash drive as a live USB recently (copied the live ISO image over using dd). I am done with the installations and all but seem to have a problem: I cannot format my flash drive. It now shows as a live CD (800 or so MB). Is there a way to fix the partition table back? I guess if I copy a partition table image from some other 8 GB drive that might fix the problem, but I don't have any other flash drives. Is there a solution possible or am I stuck with a live USB forever?

Server Platforms :: Partition Table Deleted - Get My Data Back Safe Without Losing It ?

Mar 6, 2010

I've initialized a virtual disk and deleted the partition table, and didn't notice that I've done that to the wrong one. Data is still on the physical hard disks, but how will I get my data back safely without losing it?

Ubuntu Security :: Back Up Software From The Repos?

Nov 2, 2010

I need a program that can be configured to detect new/updated files in my home directory and make a copy of these files to a TrueCrypt-encrypted external hard drive. Does such a program exist in the repos, and a good one too if possible? I don't want my drive becoming corrupted or the program missing files to copy, etc.

Ubuntu :: 9.10 - Can't Connect To The Net And Always Falls Back To AutoEth0

Jun 1, 2010

I just upgraded to Ubuntu 9.10 on one HD. Now I have no internet with 9.10. The dsl connection I used to upgrade is still there, the password is correct, but it can't connect to the net, and always falls back to AutoEth0.

Ubuntu Security :: Apparmor Profile Deleted / Can't Get It Back

Jun 21, 2011

I was trying to edit my Firefox AppArmor profile. I used aa-genprof, and accidentally closed the terminal before the program was finished. Firefox wouldn't load properly after that whenever it was enforced. I uninstalled and reinstalled the profiles, but it didn't help. Finally I deleted the files for the profile itself... now it will not reinstall them. I marked all the AppArmor packages for complete removal and then reinstalled them, but it will not put the original Firefox profile back in.

Ubuntu :: Roll Back Updates - Connect A Usb To Vmware Xp Box

Jul 14, 2010

I updated this afternoon and once my updates were done I went to connect a USB to my VMware XP box. I got a USB error that Windows could not use the USB. So I rebooted VMware and got the same thing... I then shut down VMware and rebooted my machine. Once I logged into the machine and launched VMware I could no longer see any of my USB devices.

I would like to just roll back the updates so that I can use my VMware again, as I must transfer CAD files to the PC with USB. Autodesk only works in Windows, so VMware has been a blessing as I don't have to reboot every time I need to work on drawings!

HOST: lucid 10.04
guest: XP PRO sp3
VM ver: 7.1.0 build-261024

Ubuntu Security :: Iptables To Redirect Traffic Back To Its Source

May 3, 2011

I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles. To this point, I've simply been DROPping any requests from these IPs using iptables. I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.

Ubuntu Security :: What Data Does Website Log When Pc Visits It

Feb 27, 2011

For example, would a website log the MAC address of my ethernet adapter and my computer name?

Ubuntu Security :: Back Up All Systems To An External Hard-drive Using Rsync

May 20, 2011

I have an OpenBSD and a FreeBSD system and a Mac. I also have an Ubuntu server. What I would like to do is back up all these systems to an external hard drive using rsync when the external USB disk is connected to my Ubuntu box. If I format the external USB disk with cfdisk and then create a non-bootable ext3 file system on this external disk and create and put all the necessary public keys on the Linux box, then from the BSDs or the Mac issue the command:

Code:
#rsync --progress -avhe ssh --delete / user@ubuntuBox:/usb/disk/path/dir/

Will this back up the entire systems so that they can be restored in the event of an emergency? I should store each OS just in a separate disk file of the external USB drive each time, right? Because I would rather not have to format the external USB drive for each different OS. Would this work? And would the restoration command for these BSDs be:

Code:
rsync -avze ssh UbuntuBox:/usb/disk/path /

I just need to know the basics. I'm sure given that I'll be able to automate the process. I don't want to clone the disks for forensics. I just want to have a way of restoring to a clean OS. This is the most basic question: all the howtos never mention whether or not you have to have an rsync server running on the machine you're backing up to. So do you just push or pull from one end of the connection only, or do you have to have a client at one end and a server at the other, as is traditional?

Ubuntu Security :: Use To Encrypt All Data On USB Flash Drive?

Apr 18, 2010

Folks: What can I use to encrypt all data on my USB flash drive? If possible, could I use something that has a public Key, so I do not have to type in a password to access the information when I plug the drive into my machine, but will not open or display content if the drive is plugged into anyone else's machine, unless they have the public key?

Ubuntu Security :: Alerts When Apache LOGS Contain Certain Data

Jul 10, 2010

Does anyone know of any software that can monitor the Apache logs for certain phrases or keywords then send an alert when found? For example I know an attempt to hack has been made when I see log entries like this....

/admin/
/admin/phpadmin/
/phpadmin/

But by the time I see it, the attempt has long since failed or succeeded. What I need is a way for my server to alert me WHILE someone is entering these phrases. I realize there may be a "hit" to performance but my server is not that busy anyway (except for hackers).

Ubuntu Security :: Check Data Flow For Viruses?

Aug 2, 2010

I was thinking: is there a way to check data flow for viruses? I mean, if I set up ClamAV in my internet sharing server, could it detect anything in incoming and outgoing data?!!

Security :: NTFS Data Recovery From Ubuntu Live CD?

Dec 6, 2010

I have a Windows install that is totally hosed, bluescreens, etc. I want to try to force mount it from Ubuntu to get whatever data I can, but it won't allow me to mount. It keeps telling me to run chkdsk /f and reboot twice. But that's not possible. I was wondering if there are any NTFS tools for Ubuntu or any data recovery tools I can use to get what I can from this drive.







Copyrights 2005-15 www.BigResource.com, All rights reserved