Solved

hacked by rk.tar.gz

Posted on 2001-07-30
4
1,013 Views
Last Modified: 2008-02-20
my linux redhat 6.2 server was hacked by rk.tar.gz.
someone can login to my server by a port without password protection.
and he can listen to port 110 to gain my clients' passwords.

Ang suggestions that I can do to protect the server now?
0
Comment
Question by:klnhk
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6334370
Your server wasn't "hacked by rk.tar.gz", that was the tar archive of the root kit that the cracker installed after they penetrated the system. I suspect that your 6.2 box didn't have all of the security updates (http://www.redhat.com/support/errata/rh62-errata-security.html) installed and one of them was exploited to gain access (probably the kernel or wu-ftp vulnerability).

The only really safe thing to do at this point is save data from the system that you need to keep and do a complete re-install. It seems fairly obvious that at least one root kit has been installed (which gives the cracker multiple ways to get into the system) and there is no easy way to determine what parts of the have been modified.  After reinstalling the OS, you need to get and apply all of the security updates before placing the server back on line. With the updates applied you can reload your saved data, but you'll need to carefully check any executables or scripts to make sure they haven't been modified by the cracker.
0
 
LVL 3

Expert Comment

by:Bruce_R
ID: 6337205
try using bastille linux, it's a set of scripts that make a linux box more secure by closing all the unneeded ports, shutting down unneeded services etc. It will also download security patches and set up a firewall.

http://www.bastille-linux.org/
0
 
LVL 1

Accepted Solution

by:
Lazypete earned 100 total points
ID: 6369312
I also suggest after re-install that you use
Tripwire to know rapidly if it happens agains.

Tripwire is a intrusion detection software
that take a fingerprint of all system files on
your computer and notice you if one file has
been modified ( by a root kit exemple ).

Another secure distro is
EnGarde Linux
look at packetstorm.securify.com to know more about it.

I still have not tested EnGarde yet.. but I'll do it this week end.
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6734092
Your history reflects that you have asked a total of 38 questions at this site and only finalized 10 of them.  I think you'll agree this is not fair to the experts who have stepped in to help you, and it is against our Guidelines and Member Agreement, listed on the left under Help Desk.

I will update all your open items with a request to finalize them so that you are advised by Email of their open status and can quickly navigate through them and complete them.

If you need help to split points, process a refund and move to PAQ at zero, or otherwise special handle this question, please let us know.  I will monitor them all, and as usual, appreciate any expert input here.

Please also refer to these links:
http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp
http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp
http://www.experts-exchange.com/jsp/infoMemberAgreement.jsp

Thanks,

Moondancer
Community Support Moderator @ Experts Exchange
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
add a 1000 ms delay after each sending email operation 12 70
Codiing Non-Existent Links 4 67
nagios monitor 3 44
AWS - HAProxy- KeepAlived 5 17
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now