j****y
发帖数: 75 | 1 my ubuntu 10.04 server was hacked. The last time hacker came in was July 17.
He/she modified the Grub and started in a new kernel.
I disconnected the computer I don't know how the computer was hacked. Do you
guys have any clue? thanks. |
f*********e
发帖数: 8453 | 2 ft, this is too broad. You should provide more details. Some simple ones:
Did you allow root access from ssh?
Do you run any program (fail2ban, iptable rules) to stop brute force hacking?
17.
you
【在 j****y 的大作中提到】
: my ubuntu 10.04 server was hacked. The last time hacker came in was July 17.
: He/she modified the Grub and started in a new kernel.
: I disconnected the computer I don't know how the computer was hacked. Do you
: guys have any clue? thanks.
|
j****y
发帖数: 75 | 3 I installed ubuntu 10.04 as default and didn't config iptables.
a user name was created during the installation, who can sudo
SSH is open; samba is open so that I can copy files from windows machine. |
d********g
发帖数: 10550 | 4 一万遍啊一万遍
http://library.linode.com/security/basics
【在 j****y 的大作中提到】
: I installed ubuntu 10.04 as default and didn't config iptables.
: a user name was created during the installation, who can sudo
: SSH is open; samba is open so that I can copy files from windows machine.
|
f*********e
发帖数: 8453 | 5 Maybe you should start by checking your log first: /var/log/auth.log
See if there are lots of failed login attempts.
【在 j****y 的大作中提到】
: I installed ubuntu 10.04 as default and didn't config iptables.
: a user name was created during the installation, who can sudo
: SSH is open; samba is open so that I can copy files from windows machine.
|
j****y
发帖数: 75 | 6 I will check and put more information. |
L*******r
发帖数: 8961 | |
