Subject: RE: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Group: Debian-security
From: Mathieu JANIN
Date: 22 Jul 2005


 
Use md5 passwords and require longer passwd next time !?!
First of all, there are "lots" of tweaks to secure debian in
http://www.debian.org/doc/manuals/securing-debian-howto/
I haven't read all of this thread here, but if it's only a LAMP system, I
would clone it building a new machine secure from the start (using the above
reference), copying and verifying piece by piece all config elements, and
finally copy the web data and migrate from the original to the clone.
Once hacked, it is too hard to say if the machine is surely secured to keep
it in production IMHO.
++

-----Original Message-----
From: Paolo Pedaletti [mailto:paolo.pedaletti]
Sent: Friday 22 July 2005 11:32
To: debian-security
Subject: Re: Help needed - server hacked twice in three days (and I don't
think I'm a newbie)


ciao Thomas Sjögren,

> . Better passwords

like using libpam-cracklib and dcredit,ucredit,lcredit,ocredit options

and...

- send syslog (better syslog-ng) entries to a log-server

- chroot LAMP

- run nessus against the server

- run snort on server

- ... (what else?)

If he had enough time, he could put your LAMP-server beyond a transparent
forwarding-server and log everything.

HTH

--
/* Paolo Pedaletti,
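
How the dcredit, ucredit, lcredit and ocredit options named in the quoted message interact with minlen, as an added example that is not part of either message and is not pam_cracklib's own code. It is a Python model of the length and credit rule as the pam_cracklib man page documents it (assumptions: a non-negative value caps the length credit for that character class, a negative value is a required minimum count, defaults are minlen=9 and a credit of 1 per class); Policy, check and the sample passwords are constructed for illustration.

```python
# Illustrative model of pam_cracklib's length/credit rule (not the module's source).
from dataclasses import dataclass


@dataclass
class Policy:
    minlen: int = 9   # assumed man-page default
    dcredit: int = 1  # digits
    ucredit: int = 1  # upper-case letters
    lcredit: int = 1  # lower-case letters
    ocredit: int = 1  # other characters


def class_counts(password):
    """Count the characters of each class, keyed by the option that governs it."""
    return {
        "dcredit": sum(c.isdigit() for c in password),
        "ucredit": sum(c.isupper() for c in password),
        "lcredit": sum(c.islower() for c in password),
        "ocredit": sum(not c.isalnum() for c in password),
    }


def check(password, policy):
    """Return (accepted, reason) for the length/credit rule only."""
    required = policy.minlen
    for name, count in class_counts(password).items():
        credit = getattr(policy, name)
        if credit >= 0:
            # Positive form: each character of the class, up to the cap,
            # lowers the length the password must reach.
            required -= min(count, credit)
        elif count < -credit:
            # Negative form: the class is mandatory, no length discount.
            return False, f"{name}: need at least {-credit}, found {count}"
    if len(password) < required:
        return False, f"too short: {len(password)} < {required}"
    return True, "ok"


DEFAULTS = Policy()
STRICT = Policy(minlen=12, dcredit=-1, ucredit=-1, lcredit=-1, ocredit=-1)

# Constructed sample passwords.
SAMPLES = ["aaaaaaaa", "Passw0rd!", "Tr1cky-Horse", "correcthorsebattery"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: defaults={check(pw, DEFAULTS)} strict={check(pw, STRICT)}")
```

The model covers only the length and credit rule; the module's dictionary and similarity checks are outside it.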

