T Brownen wrote:
Dear James, many thanks for your input. I am pleased that you can make a living from fixing Unix-based malware. I too have heard it happens, but I have yet to find it happens to me or anyone I know. I totally agree that to be complacent is looking for trouble. What should we look for, what protection should we use? Please help us all and divulge your secrets, then maybe we can have a hack-proof Linux.
In a (probably vain) attempt to turn this thread into something actually useful, let's take an example... There was a Linux kernel issue discovered in the early part of 2009 that allowed anyone with access to a server to obtain root privileges where the kernel supported modules and had a fairly common set of modules available on the system. This was an issue in all 2.6 kernels and, IIRC, all 2.4 kernels as well. Anyone able to get any kind of shell access to such a server could compromise it and gain root access.

The usual vector for such attacks is insecure web applications, often those written in PHP because they can be very widely deployed, though there are plenty of scanners running dictionary-based password attacks against ssh, or against POP3/IMAP in the hope that email accounts will be using user account details on the same machine. Once allowed access to a shell, the hacker gained root privileges and installed all sorts of back doors and hacks so that, even should the compromise be discovered or closed, they'd still have access to the server. At the time I was involved in recovering at least one server a day compromised in this way for a week, whilst hearing about many more that had been hacked in the same way, and from past experience I know that far more people actually get hacked than admit the fact to anyone else.

So the point is, if you run any server, you keep on top of OS updates, you set up the firewall and whatever other security measures you can, you track any third-party software you have installed for updates to that, and you install systems for monitoring what's going on with your servers so you notice if something untoward is happening.
And, at the risk of self-promotion which I really don't want to stray into as there are plenty of other competent people on the list, if as a commercial organisation you can't do it yourself, *pay someone else to do it*, because what they charge will be peanuts compared with what you stand to lose if you don't really know what you're doing.

Here endeth the sermon.

James

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
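As an added illustration of the "monitor what's going on" advice and the ssh dictionary attacks James mentions (example code, not from the original post or the list): a small analyser for OpenSSH syslog lines that flags source addresses with repeated failed passwords and any accepted login from such a source. The log lines are constructed samples, and the threshold of three failures is an assumption chosen for the demo.

```python
import re
from collections import defaultdict

# Constructed sample auth.log excerpt (OpenSSH syslog format); not real traffic.
SAMPLE_AUTH_LOG = """\
Aug 14 03:12:01 web1 sshd[4120]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Aug 14 03:12:03 web1 sshd[4122]: Failed password for invalid user oracle from 203.0.113.7 port 50130 ssh2
Aug 14 03:12:05 web1 sshd[4124]: Failed password for root from 203.0.113.7 port 50141 ssh2
Aug 14 03:12:07 web1 sshd[4126]: Failed password for root from 203.0.113.7 port 50150 ssh2
Aug 14 03:12:09 web1 sshd[4128]: Accepted password for www from 203.0.113.7 port 50162 ssh2
Aug 14 03:20:44 web1 sshd[4201]: Failed password for alice from 198.51.100.12 port 41002 ssh2
Aug 14 03:20:50 web1 sshd[4203]: Accepted publickey for alice from 198.51.100.12 port 41002 ssh2
"""

# "invalid user" appears when the account does not exist; capture the name either way.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+) port")


def analyse_auth_log(text, threshold=3):
    """Return (brute_force, suspicious_logins).

    brute_force: {source ip: sorted usernames tried} for sources with
                 at least `threshold` failed passwords.
    suspicious_logins: [(user, source ip)] for logins accepted from a source
                 that had already reached the threshold (a guess that worked).
    """
    failures = defaultdict(list)   # source ip -> usernames that failed
    suspicious_logins = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)].append(m.group(1))
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            user, src = m.groups()
            if len(failures.get(src, [])) >= threshold:
                suspicious_logins.append((user, src))
    brute_force = {src: sorted(set(users))
                   for src, users in failures.items() if len(users) >= threshold}
    return brute_force, suspicious_logins


if __name__ == "__main__":
    bf, sus = analyse_auth_log(SAMPLE_AUTH_LOG)
    for src, users in bf.items():
        print(f"dictionary attack from {src}: tried {', '.join(users)}")
    for user, src in sus:
        print(f"WARNING: login for {user} accepted from {src} after repeated failures")
```

On a real host the same function can be fed the output of `grep sshd /var/log/auth.log`; a success following a burst of failures is the event worth paging on, while the failure counts alone are a routine sign of the scanners described above.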