Ubuntu Security :: Secure A Terminal Server, So That It Can't Be Hacked By Bruteforce/divtionary Tools?
Oct 8, 2010How to secure a Terminal Server. so that it can't be hacked by bruteforce/divtionary tools ?
View 7 Replies
ADVERTISEMENT
Security :: Server Hacked By Opyum?
Apr 11, 2011Awoke to millions of failed SSH attempts into my public server. Behind a firewall which forwards only SSH and HTTP. Local iptables deny everything except SSH and HTTP. Exact same symptoms and results as Chris over at his site: here.I just want to know how they managed to execute a script, or make changes etc? Here's some info:According to cat /var/log/secure | grep "Accepted" no one besides myself gained entry via SSH.The FTP account (500:48 (Purposely in apache group)) is chrooted to a 775 directory and vsftpd does not accept anonymous entry. vsftpd and xferlog's are empty?
Code:
You have new mail in /var/spool/mail/root
[root@dev etc]# tail /var/spool/mail/root
[code]....
Ubuntu Security :: Password Hacking By Bruteforce?
Jan 4, 2010I think it is very easy to hack passwords in Linux, but I did not try it yet. If you use sudo you get 3 attempts for the correct password. But if you get enough time it should be no problem to hack it by bruteforce. Imagine a script an attacker places on your machine which runs for a few hours or days. I think it is much more effective to delete the user out of the admin (or adm?) group so that user cannot be any danger anymore. You would have to login with root and readd the user then.
You now say: but if you login with root you got almost the same effect as with sudo. Of course it is the same. That is why I would use a system (not sure which yet) to create sub enviroments of your OS, which got the attribute that they can run without root, only got one account that can sudo and once sudo access is denied there is no other way to login as root. You just can repermit sudo access by the parent os layer.
Security :: The Server Was Hacked From So Called Tor IP Address?
Nov 14, 2010I always use professional services to secure my servers. Everything was fine for years but a week ago my server got hacked.I don't know how the hacker got my username/password - it was not something like admin, password.9 months ago my PC was infected with some virus which connected to the FTP server by using password which was saved in CuteFTP and infected all index files with some javascript. Then I changed the user/FTP password and didn't save it anymore in Cute FTP. Of course, I checked all the folders and re-uploaded all infected files. Is it possible that this virus uploaded some hidden file which was able to get the new password for this account?
The server was hacked from so called Tor IP address. I am tiref of worrying about server security and now have an idea to get a static IP address from my ISP and to allow logins only from this IP address. What do you think about it? This idea looks good for me but are there any risks to lose access to the server. Can ISP provider change the static IP address for some reason?
Ubuntu Security :: Server Hacked - Ethernet No Longer Working
Jun 19, 2010My server (Ubuntu 10.04 desktop) was hacked. I had my ethernet plugged in to an Intel 82557 Ethernet Pro card (Pulse) when my server was first attacked. After it was attacked I reinstalled the system but my ethernet card still would not work. Ubuntu recognized it, but it is continually disconnected and the little status lights on the card do not light up anymore.
So then I plugged the ethernet to the mother board itself. Well, my server was hacked again and now the ethernet on the motherboard does not work. Again, Ubuntu (after a reinstall) recognizes the hardware but nothing happens when I plug the etherent in. The motherboard is a BioStar P4M900 VIA chipset. I have a few of the system logs here [URL] which I saved right after the first attack.
Security :: Server Hacked - Finding Process Behind Sending Emails
Jun 13, 2011I just got control over a server that was hacked several months back. The other day we started receiving rejected emails sent from my server to a yahoo email address that is no longer active that contained users login information. I am trying to find the process that is sending these emails. So far its been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent so there must be a local file that contains this information. I have tried using grep and find without any luck.
View 2 Replies View RelatedSecurity :: Qmail Hacked In Server \ Cannot Find Any Suspicious Script Running Using Ps Xaf Command?
Jan 3, 2011My server is probaly hacked and sending spam emails. I see them randomly in maillog (/usr/local/psa/var/log/maillog, server has a plesk panel), sometimes a few in a long time, sometimes a lot of them.Here is a sample of it:
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: Handlers Filter before-remote for qmail started ...
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: from=root@acv360.com
[code].....
Security :: Server Hacked When Try To Log In Type Root But Won't Let Type A Password?
Jun 22, 2010I have a server hacked when i try to log in i type root but won't let me type a passwdthere are no services up, can't see page mail nothing
View 11 Replies View RelatedUbuntu Security :: Better Way To Secure My Server?
Jan 26, 2010I set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
Ubuntu Security :: Need To Secure My Server
Feb 19, 2011Ok im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?
View 9 Replies View RelatedUbuntu Security :: What Is A Best Way To Secure A Server?
Jul 27, 2011what is the best option to securing server via firewall and iptables?
View 9 Replies View RelatedUbuntu Security :: Secure My Server From The Internet
Feb 3, 2010I am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.
Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server).
Ubuntu Security :: 11.04 Server - Allow UFW Outgoing Secure?
Jul 20, 2011I have a minecraft server running on a P4 box running Ubuntu server 11.04 64bit. Now would it be secure, if I allowed ufw to allow outgoing? Or would this be a huge flaw someone could exploit?
View 6 Replies View RelatedSecurity :: Ways To Secure Sendmail Or Secure Alternatives To Send Mail
Dec 1, 2010I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
Security :: SSH Setup To Secure Server In Best Way
Feb 12, 2010I'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what would like to accomplish. I have SSH set up on a linux box in a offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.
Security :: Secure Samba Server With Kerberos?
Jul 17, 2010Is it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that mo one can sniff that information. configuration or any URL link from I can get the exact configuration.
View 1 Replies View RelatedSecurity :: Tools For Securing Mail Server?
May 21, 2011iam working on mail server in redhat centos. i want to know how to secure my mail server for heavy loading , any monitoring tools in GUI or console , is any essential tool which is used in Like MNC for mail server..
i know few command in like top,netstat,etc through google but i willing to know some more
Ubuntu Security :: Ways To Secure Server Setup With Apache?
Jun 19, 2010I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
View 9 Replies View RelatedSecurity :: Make Server More Secure And Get Rid Of Paranoid Feelings?
Feb 9, 2010I have installed my linux server on the Internet witout a router/firewall between. To secure it I used iptables and it works fine. The problem is that I'am not feeling secure enough with only iptables. Is there anything else that I can install to make my server more secure and get rid of my paranoid feelings?
View 8 Replies View RelatedServer :: Secure FTP For Around 500 Users Which Includes Security Level On Both
Aug 7, 2010As per our requirement, I need to implement a Secure FTP server for around 500 users which includes security level on both - Transfer and Rest data. Apart from this I also need the following features -
1. Size quota on Users & reminder mails for the same
2. Password expiry notifications and user interface to change their password within specified time interval
3. Aging of data - After specified time, data will be moved to some other location from their home directory
4. All type of log maintenace for each file and user and log exporting
5. Uploading & Downloading speed consistency as per server level.
6. Read-write interface for user and read-only interface for their client for the same account.
7. Backup and Recovery options.
As of now, I am using VSFTPD which does not give these much of features in combine.
Ubuntu Security :: Using Lucidlynx - How To Know If Some One Hacked My Box
Mar 8, 2010I want to know if any one hacked or getting into my computer. I am using lucidlynx right now, My computer directly connected to modem, not using any wireless router. How can i check if some one hacked? How to prevent it?
View 6 Replies View RelatedUbuntu Security :: System Hacked / What's Going On?
Jan 3, 2011I have a 6yo laptop...z60m. Solid little thing that I knocked around so much the hinge broke. My dad jerryrigged it so it can stay open.
So now I use it as a glorified DVD player. Then, around February the hard drive died. I put it in fresh, loaded a couple of regular games and the DVD modifications to play DVD's. So, besides the basic upgrade to 9.1 not much as been done.
Well, last week my panel disappeared. I procrastinated and last night I got on the computer. I did F2 and "xfce-panel" and my panel reappeared exactly how I'd last tweaked it.
With on exception. This blue globe, "Akonadi" had mysteriously appeared.
Thing is that I haven't installed or updated anything for 8 months...why? becuase I haven't had this thing connected to the Internet. The wireless tower has been on. (my bad) but all of the signigals in my neck of the wood are encripted so I just let it be.
I don't know where this program came from. Is it loaded in xubuntu? Why would it show up? And furthermore if there was someone with malicious intent (unfortunatly I do have to take that into consideration) have put this on for data collection?
Ubuntu Security :: My Computer Is Being Hacked / What To Fix It?
Feb 27, 2011I have windows computer and it is being hacked.About month ago or more some one hacked my router and install new firmware from Firmware Version: Talisman/Basic V1.2.9a
My router is linksys and SSID got changed to sveasoft.I had WPA set up and MAC filtering .
Some one hacked my router and change Firmware Version.And user name and password also got change to just admin.
Well now I got a pop up from my Kaspersky saying network attack scan.generic.TCP 74.63.245.168
only thing I can find on it http://whatismyipaddress.com/ip/74.63.245.168
It is Limestone Networks in Dallas.
Some strang things have been happing to my computer in past 4 months and is getting worse.
I have no firewall or router now.And have not gone to the store and get new router yet and I'm thinking of formatting my computer and putting linux and get good firewall like zone-alarm.
Security :: Monitoring Tools For Squid Proxy Server
Feb 9, 2010is someone can guide the best open source tools to monitor as webbase,gui,shell prompt
View 1 Replies View RelatedUbuntu Security :: Warning Signs Of Having Been Hacked
Feb 19, 2011I had a serious breach of the cellular segment of my communications network this week. All I can say is nobody got hurt. The attackers also knew where to find me via email. I'm concerned that perhaps they've penetrated this aspect of my system as well, although they seemed pretty specifically focused on the phone. There have been no changes on anything on my computer, and of course, I went ahead and changed all the passwords. How can I verify or at least look into the possibility of having been hacked as well.
View 8 Replies View RelatedUbuntu Security :: Computer Has Been Hacked / Monitored?
Mar 22, 2011my computer has been surely hacked for at least more than two months; my private information are being hacked and spread around! I initally used Windows Vista and I had the firewall off and no antivirus software. When I realized that my OS had been hacked, I began turning my firewall on and installing security softwares, but nothing stopped the hack.
Yesterday, I erased all my partitions and installed Ubuntu 10.10. I installed rkhunter and a firewall. I changed my static IP adress, at least for the sake of knowledge, to another one, then I got disconnected since my router only allows my old IP.
When I'm about to write my admin password, I disconnect from the network. I've scanned my system using rkhunter, and the result is a list of 30 suspicious files!
Can I adjust my router in a way that it can allow any IP adress? If yes, can I have a non-static IP adress? How to prevent the hacking in the first place? However, I believe, I don't know yet, that my Ubuntu has also been hacked...
If I can't get rid of the hacker(s), then I should permanently disconnect from internet and find another way to receive information anonymously through the internet.
Security :: LAN Hacked - How To Find Infected Machine
Jul 3, 2009I have LAN with 20 machines. I see that one of them is infected. Its sending a lot of packets to the internet. My internet connection at this momment is realy slow. What should I do? How to detect which machine is infected? I'm using hardware firewall. Fortigate... Its hard to configure there nice logs. Any good software. I don't want to switch off network cable from each machine and check.
View 10 Replies View RelatedSecurity :: Secure And Automated Backups - Add Public Key To Authorized_hosts File On Prod Server?
Mar 13, 2010I'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.
View 10 Replies View RelatedSecurity :: Secure Solution To Transfer Data Using Rsync Over Internet Between 2 System Server?
Jan 2, 2010I'm looking for a most possible, secure solution to transfer data using rsync over Internet between 2 linux server.
I have 3 option: SSH, IPSEC and Kerberos.
Which one in your opinion should be most secure solution?
Ubuntu Security :: Can Be Hacked When It Is Installed As A Dual Boot With Windows7
Apr 13, 2010I need to know whether Ubuntu can be hacked when it is installed as a dual boot with W7 by hacking windows and getting access to the Ubuntu partition?
What I would also like to know if this way can be used to put a key logger or screen capture in Ubuntu which installs next time Ubuntu is started?