Solved

Security holes, how do hackers get in?

Posted on 2003-10-28
15
443 Views
Last Modified: 2010-04-22
Hi,

I've been told that I may have suffered a hacker attack and also that it could've been because I was running old versions of ssh, ssl, ftp, bind, sendmail and apache.

Now my question is this: how does a hacker get in if ssh is restricted to certain IPs? How do they use other services (apache, bind, sendmail, ftp etc etc) to get into the system and gain root access? I'm currently upgrading all services to the newest releases to prevent this happening again. Is there anything else I should be doing?

Thanks
0
Question by:choccarlm
15 Comments
 
LVL 18

Expert Comment

by:liddler
ID: 9632758
You either break in via a flaw that allows you to predict what the machine is looking for and inject your traffic in, which the server thinks is coming from somewhere else, or you use a buffer overflow, where an extra bit of code is added onto the end of some data going into a buffer. This code is then executed by the kernel as a privileged user, and can then be used to run something else, such as adding a malicious user.
Other things to do: latest kernel patches, firewall, go through your startup scripts, make sure nothing is started that you don't need.
Titan is an excellent resource to help harden your machine (http://www.fish.com/titan/TITAN_documentation.html)
But definitely keep all internet facing services (sendmail, bind, apache etc) patched up to date
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 9636635
There are many ways in which security can be compromised, many types of attacks and so on. Have a look at www.securityfocus.com and you'll see that there were problems with almost everything (and get scared ;-).

An old example is sendmail. Sendmail allowed emails to be piped to commands (this feature is used by mailing list managers like majordomo). But the default configuration till version xx (I don't remember) allowed everybody to do that. Imagine what happens if you can run a command (maliciously) remotely on a mail server with the mail daemon rights. And on Solaris user sendmail has uid 0 (which means root).

Nessus (www.nessus.org) is also a good tool to check your server security. There is also an article about nessus: http://www.securityfocus.com/infocus/1741

And to state once again what liddler said: "keep all internet facing services (sendmail, bind, apache etc) patched up to date"
0
 

Author Comment

by:choccarlm
ID: 9640422
Thanks,

Also I've been told to update my kernel. What's the easiest way of doing this and where can I find kernels? Also, what is the main purpose of the Linux kernel?
0
 
LVL 18

Expert Comment

by:liddler
ID: 9640542
You can get the kernel source from whoever your distribution comes from, i.e. www.redhat.com for RedHat or www.linux-mandrake.com for Mandrake.
The kernel is the core of the operating system, the same as DOS or Windows XP is on Microsoft machines.
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 9640563
Depending on what you are using see
http://www.redhat.com/support/resources/howto/kernel-upgrade
http://en.tldp.org/HOWTO/Kernel-HOWTO

Also one maybe interesting page: http://www.governmentsecurity.org

What's the purpose of the kernel? Hmm. Basically it is the core of the OS.

0
 
LVL 6

Expert Comment

by:mbarbos
ID: 9640567
Nice liddler, you're faster :)
0
 

Author Comment

by:choccarlm
ID: 9640603
Thanks guys, is there any way of splitting the points?
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 9640682
There should be a split button somewhere below the comment area...
0
 

Author Comment

by:choccarlm
ID: 9650039
I can't see it, I'll ask the mods.

One more quick question. I've just purchased Mandrake 9.2 Pro Suite. It comes with sshd 3.6 which is the same version I've got the source files for. Do I uninstall the rpm that comes with the o/s and install from source, or is it safe to leave the one that comes with it? This goes for all packages.

Thanks
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 9650133
None. You install the packages as they came and after you have installed the machine, trimmed it down to what's necessary only and secured it, you use the UPGRADE feature for your distribution. This should contact a server from the vendor (or a mirror) and fetch and install the necessary packages.
If you register, you'll also receive emails when an upgrade is available.
0
 

Author Comment

by:choccarlm
ID: 9650182
I can't use the upgrade feature as the servers don't currently have an internet connection, and when they do, they won't be booting using the GUI, it will be command line only. Is it safe to leave the packages that are installed?
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 9650288
There should be also a command line tool for upgrading.

Best would be to do the upgrade through a firewall first and then put them on the net.
0
 

Author Comment

by:choccarlm
ID: 9650317
OK, but if it's the latest rpm that's been installed during install then it should be quite safe, or not?
0
 
LVL 6

Accepted Solution

by:mbarbos (earned 125 total points)
ID: 9650401
Bad luck can always strike, but yes, you might have a chance :)
Anyway, install tripwire or something similar before connecting the machine to the net.
0
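The accepted answer recommends installing tripwire or something similar before the machine goes on the net. As an added illustration (not code from this thread, and not tripwire's own implementation), the Python below sketches what such a tool does: hash every regular file in a clean tree along with its mode, owner and size, then re-scan later and report what was added, removed or changed. The sample tree and the tampering performed in demo() are constructed for the example.

```python
import hashlib
import os
import stat
import tempfile

def _digest(path):
    """SHA-256 of a file, hashed in chunks so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file under root (by relative path) to its hash, mode, owner and size."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and device nodes are out of scope here
            baseline[os.path.relpath(full, root)] = {
                "sha256": _digest(full), "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "size": st.st_size}
    return baseline

def check_baseline(root, baseline):
    """Re-scan root and report files that appeared, vanished or changed since the baseline."""
    current = build_baseline(root)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "changed": sorted(p for p in set(current) & set(baseline)
                              if current[p] != baseline[p])}

def demo():
    """Constructed sample tree (not a real system): baseline it, then simulate post-intrusion drift."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "passwd"), "w") as f: f.write("root:x:0:0:root:/root:/bin/sh\n")
    with open(os.path.join(root, "bin", "ls"), "wb") as f: f.write(b"\x7fELF placeholder bytes")
    baseline = build_baseline(root)
    clean = check_baseline(root, baseline)
    with open(os.path.join(root, "passwd"), "a") as f: f.write("svc:x:0:0::/:/bin/sh\n")  # second uid-0 account
    os.chmod(os.path.join(root, "bin", "ls"), 0o4755)  # setuid bit turned on for a system binary
    with open(os.path.join(root, "lib.so"), "wb") as f: f.write(b"unexpected new file")
    tampered = check_baseline(root, baseline)
    return clean, tampered
```

The baseline is only worth anything if it is taken before the host is reachable and kept where an intruder with root cannot rewrite it (read-only media or another machine); tripwire signs its database for the same reason.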
 

Author Comment

by:choccarlm
ID: 9650425
Cheers, your advice has been really helpful, thanks a lot
0
