偉民 (![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small} andr00) wrote,@ 2002-04-02 05:38:00 |
|
Ssh in remote, just for five seconds to see if I have any mail. Weird wall messages from syslogd start popping up. Lastlog shows login from www.fuji-ft.co.jp at 8:34 Monday morning. Snap verdict: root compromise via ftpd exploit, shutdown -h now.
Jesus christ. First I install that machine and patch it current, then it can't see its network hardware anymore. Then I reinstall and patch just ftpd (which I know has holes) and openssl. It can't see its RAID (dependencies?). So then like yesterday or so I reinstall and don't patch anything, because I'm going to just use ncftpd. This morning! Hax0red!
Lame attempt at humorous relief: I wouldn't have been able to even ssh in to check on status or shut it down, as the attacker altered sshd_config in a way that prevented me from getting in after i rebooted off the network. But they forgot to restart sshd.
if ANYTHING ELSE ON EARTH supported both wireless and RAID, I'd be using that instead of linux. (win whatever, of course, doesn't count as an OS)
Jesus christ. First I install that machine and patch it current, then it can't see its network hardware anymore. Then I reinstall and patch just ftpd (which I know has holes) and openssl. It can't see its RAID (dependencies?). So then like yesterday or so I reinstall and don't patch anything, because I'm going to just use ncftpd. This morning! Hax0red!
Lame attempt at humorous relief: I wouldn't have been able to even ssh in to check on status or shut it down, as the attacker altered sshd_config in a way that prevented me from getting in after i rebooted off the network. But they forgot to restart sshd.
if ANYTHING ELSE ON EARTH supported both wireless and RAID, I'd be using that instead of linux. (win whatever, of course, doesn't count as an OS)
