Solved

hacked by rk.tar.gz

Posted on 2001-07-30
4
1,025 Views
Last Modified: 2008-02-20
my linux redhat 6.2 server was hacked by rk.tar.gz.
someone can login to my server by a port without password protection.
and he can listen to port 110 to gain my clients' passwords.

Ang suggestions that I can do to protect the server now?
0
Comment
Question by:klnhk
4 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6334370
Your server wasn't "hacked by rk.tar.gz", that was the tar archive of the root kit that the cracker installed after they penetrated the system. I suspect that your 6.2 box didn't have all of the security updates (http://www.redhat.com/support/errata/rh62-errata-security.html) installed and one of them was exploited to gain access (probably the kernel or wu-ftp vulnerability).

The only really safe thing to do at this point is save data from the system that you need to keep and do a complete re-install. It seems fairly obvious that at least one root kit has been installed (which gives the cracker multiple ways to get into the system) and there is no easy way to determine what parts of the have been modified.  After reinstalling the OS, you need to get and apply all of the security updates before placing the server back on line. With the updates applied you can reload your saved data, but you'll need to carefully check any executables or scripts to make sure they haven't been modified by the cracker.
0
 
LVL 3

Expert Comment

by:Bruce_R
ID: 6337205
try using bastille linux, it's a set of scripts that make a linux box more secure by closing all the unneeded ports, shutting down unneeded services etc. It will also download security patches and set up a firewall.

http://www.bastille-linux.org/
0
 
LVL 1

Accepted Solution

by:
Lazypete earned 100 total points
ID: 6369312
I also suggest after re-install that you use
Tripwire to know rapidly if it happens agains.

Tripwire is a intrusion detection software
that take a fingerprint of all system files on
your computer and notice you if one file has
been modified ( by a root kit exemple ).

Another secure distro is
EnGarde Linux
look at packetstorm.securify.com to know more about it.

I still have not tested EnGarde yet.. but I'll do it this week end.
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6734092
Your history reflects that you have asked a total of 38 questions at this site and only finalized 10 of them.  I think you'll agree this is not fair to the experts who have stepped in to help you, and it is against our Guidelines and Member Agreement, listed on the left under Help Desk.

I will update all your open items with a request to finalize them so that you are advised by Email of their open status and can quickly navigate through them and complete them.

If you need help to split points, process a refund and move to PAQ at zero, or otherwise special handle this question, please let us know.  I will monitor them all, and as usual, appreciate any expert input here.

Please also refer to these links:
http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp
http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp
http://www.experts-exchange.com/jsp/infoMemberAgreement.jsp

Thanks,

Moondancer
Community Support Moderator @ Experts Exchange
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The purpose of this article is to demonstrate how we can use conditional statements using Python.
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question