Hacked?

Mike Fedyk mfedyk at matchmail.com
Fri May 4 04:09:57 GMT 2001


On Thu, May 03, 2001 at 11:03:09PM -0500, Daniel_Casey at jbhunt.com wrote:
> 
> Does you need to have ftp (inbound) turned on for this system?  What
> about remote root access, could you turn that off?  Are you using any
> type of software type firewalling?
> 
> 
> 
>                                                                                                                         
>                     David Rankin                                                                                        
>                     <drankin at cox-inte        To:     Bas <list at showme.wox.org>, Samba <samba at us5.samba.org>             
>                     rnet.com>                cc:                                                                        
>                     Sent by:                 Subject:     Re: Hacked?                                                   
>                     samba-admin at lists                                                                                   
>                     .samba.org                                                                                          
>                                                                                                                         
>                                                                                                                         
>                     05/03/2001 10:04                                                                                    
>                     PM                                                                                                  
>                                                                                                                         
>                                                                                                                         
> 
> 
> 
> 
> Bas wrote:
> 
> > Maybe I'm not looking right, but it looks like somebody on the other end
> is
> > root and accessed your ftp server as user ftp.
> >
> > You should check the manual pages that come with your ftp server.
> >
> > Good luck,
> > Bas.
> >
> 
> Bas, that's the problem! Somebody tried to ftp as root into my server!
> "They
> ain't root, because I'm root!"  You know, --me--, my system, I put the
> motherboard/hardware together, I loaded Linux, got samba, ftp, ssh, vpn,
> etc...
> working. IT'S MY BOX!  Now, some Korean, "no ethniccentricity implied", has
> hackerd my box and I'm (1) worried - what did he/she do and (2) pissed
> because
> someone who shouldn't be showing up in my logs is! I have read Linksys
> router
> pages and man pages that say -- this shouldn't happen. OK, so I'll admit
> it,
> Linksys sucks as a firewall. That still begs the question, who is this
> turkey
> who tried to hack my system, why did he try to do it (we'll never know),
> and
> why with all this great security was whoeveritwas able to stay connected
> for 41
> seconds. Think about it, I'm puzzeled -- not uncommon. My question is what
> in
> the hell do you do in this situation?
You can't really keep anyone from _trying_ to access your server.  Why do
you have a FTP server anyway?

If you get this worked up over someone _trying_ to access your server, you
shouldn't run one at all.  If it's just for you, there are many better file
transfer solutions.

Mike




More information about the samba mailing list