Off-Topic > Off-Topic - Tiny Core Lounge
hacked - need advice
alu:
one of my wlan servers has been attacked recently; i am running mc 2.7 without firewall on it, and i control it by ssh; i have vsftpd on and 3 users in ~ added to tc; i just wanted to share some pictures and video of familly with relatives and friends; i have a fixed ip (from provider) and i have forwarded 21 and 22 ports.
the att-hack: a hacker has hacked a user account in ~ on the server, and he has installed a rtpd daemon; i have no damage on anything, but my connection was obviously very low. It tooks me a couple of hours in order to find the problem.
first reflex: i have restarted the server and installed the tinycore-2.6.29 firewall; but i want to prevent such attacks in the future and want to know your mind about possible solutions in order to secure my server at best.
robc:
I always disable external uptime detection and icmp ping responses. Makes it harder to find. Just put this in bootlocal.sh:
--- Code: ---echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
--- End code ---
With vsftpd you can change the ftp port number, I would change this to a unique number (http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers). I would also utilize the chroot ftp features in vsftpd. The ssl version can also be used, depending on who the attacker is and the strength of your cert this can either improve your security or make it worse. There are many options with this, I would recommend reviewing the configuration options here: http://vsftpd.beasts.org/vsftpd_conf.html
curaga:
If you haven't already, enable syslog. And just to be sure, change all passwords.
gerald_clark:
Get rid of ftp and use scp.
althalus:
--- Quote from: gerald_clark on December 30, 2009, 05:10:19 PM ---Get rid of ftp and use scp.
--- End quote ---
And disable ssh access via passwords and only allow access via keys. Show your friends and family how to use winSCP to access the files.
Navigation
[0] Message Index
[#] Next page
Go to full version