
[cobalt-users] AMDROCKS -- hacked systems



> "James D. Williams" <jdarden@xxxxxxxx> wrote:
> Can anyone tell me what AMDROCKS is and how to protect my server in the
> future? I understand that this was a security issue with this server.
> Some jerk hacked into my RaQ3 and left behind AMDROCKS. My hard drive had
> to be replaced and I am still waiting for the server to be put back on
> line.

This exact same thing happened to me. Believe me, he left behind a lot
of other things too, and my system had to be replaced as well. He also
left a script that emailed himself things, and his email address is
    lawkxxx@xxxxxxxxxxx
I caught a script trying to send system status information to himself.

I talked to Cobalt and my ISP about this, and both replied with
deafening yawns, despite my ability to track down a lot of other
incriminating evidence.

I see you're using @home -- as am I -- and that means that you've got
a static IP address, which means that people can sniff your packets and
look for things like login/passwords. Assuming you telnet, or do
anything in cleartext, I highly recommend two things that I learned
after the fact.

1) Log in ONLY using an SSH-secure login session. (Use "SecureCRT"
from www.vandyke.com)

2) Use a secure FTP app, also from vandyke, called SecureFX.

3) Use a firewall on your home PC -- I use ZoneAlarm from www.zonelabs.com

(1) and (2) are paid for, but (3) is free.


-- 
	--dan

Photo Gallery:  http://www.danheller.com/