Re: [[cobalt-users] Server Hacked?]

[spamcatcher <spamcatcher@xxxxxxxxx>]

Perhaps we can have a tread of safety steps we can take right now to help 
secure the server? I know turning off telnet is the "big" tip, but are 
there others?

While I am on the topic of tips, does anyone have any tips or 
step-by-step guide of what and where to look if the server is compromised?

To kick things off, I'll give a play-by-play (in a new message) of what 
had happened to my server so others may learn from it.

Regards,
Kar Mui

>> From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
>>
>> In case anyone's planning to take me up on the offer, it was actually made
>> tongue-in-cheek; I don't want to try to break into anyone else's
>> system(s).  The liability is too great.
>>
>> Jeff
>
>Come on, please, we want a play-by-play!
>
>I think it would be wise of us all to take note of security issues that 
>are raised and do what we can to implement
>a fix or protect against these risks, a laissez-faire (sp?) attitude of 
>"Well, 15 GaBillion people had my root
>password, but they were all cool enough not to F&*( with my machine so it 
>must be OK" is not a wise decision. Too
>many of those script-kiddies everyone refers to.
>
>If this many people say telnet is bad, then log into your machine as one 
>of your users and see what you can do. I
>guess by giving telnet access your essentially letting someone sit down at 
>your computer and saying have at it.
>Even if the person that you give access to has the most integrity and is 
>your best-friend, was highly competent,
>and would never screw you, it doesn't matter because anyone that knows 
>anything can listen for your best bud to
>login via telnet, swipe the username/pw and their off. Maybe all these 
>people have a point...
>
>Joe
>
>BTW, I turned off telnet a long time ago after installing ssh 1.22.27 (I 
>think)
>
>
>
>
>
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-users
>