Solved

hacked by rk.tar.gz

Posted on 2001-07-30
4
1,034 Views
Last Modified: 2008-02-20
my linux redhat 6.2 server was hacked by rk.tar.gz.
someone can login to my server by a port without password protection.
and he can listen to port 110 to gain my clients' passwords.

Ang suggestions that I can do to protect the server now?
0
Comment
Question by:klnhk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6334370
Your server wasn't "hacked by rk.tar.gz", that was the tar archive of the root kit that the cracker installed after they penetrated the system. I suspect that your 6.2 box didn't have all of the security updates (http://www.redhat.com/support/errata/rh62-errata-security.html) installed and one of them was exploited to gain access (probably the kernel or wu-ftp vulnerability).

The only really safe thing to do at this point is save data from the system that you need to keep and do a complete re-install. It seems fairly obvious that at least one root kit has been installed (which gives the cracker multiple ways to get into the system) and there is no easy way to determine what parts of the have been modified.  After reinstalling the OS, you need to get and apply all of the security updates before placing the server back on line. With the updates applied you can reload your saved data, but you'll need to carefully check any executables or scripts to make sure they haven't been modified by the cracker.
0
 
LVL 3

Expert Comment

by:Bruce_R
ID: 6337205
try using bastille linux, it's a set of scripts that make a linux box more secure by closing all the unneeded ports, shutting down unneeded services etc. It will also download security patches and set up a firewall.

http://www.bastille-linux.org/
0
 
LVL 1

Accepted Solution

by:
Lazypete earned 100 total points
ID: 6369312
I also suggest after re-install that you use
Tripwire to know rapidly if it happens agains.

Tripwire is a intrusion detection software
that take a fingerprint of all system files on
your computer and notice you if one file has
been modified ( by a root kit exemple ).

Another secure distro is
EnGarde Linux
look at packetstorm.securify.com to know more about it.

I still have not tested EnGarde yet.. but I'll do it this week end.
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6734092
Your history reflects that you have asked a total of 38 questions at this site and only finalized 10 of them.  I think you'll agree this is not fair to the experts who have stepped in to help you, and it is against our Guidelines and Member Agreement, listed on the left under Help Desk.

I will update all your open items with a request to finalize them so that you are advised by Email of their open status and can quickly navigate through them and complete them.

If you need help to split points, process a refund and move to PAQ at zero, or otherwise special handle this question, please let us know.  I will monitor them all, and as usual, appreciate any expert input here.

Please also refer to these links:
http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp
http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp
http://www.experts-exchange.com/jsp/infoMemberAgreement.jsp

Thanks,

Moondancer
Community Support Moderator @ Experts Exchange
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question