[BlueOnyx:01822] Re: Second Server Hacked

Ralf Quint Smoothwall at gmx.net
Sun Jul 26 12:57:06 -05 2009


At 10:37 AM 7/26/2009, Steve Davis wrote:
>Chris,
>
>That's a good point about guessing the password, 12 characters
>strong. There were no user accounts.  I have had others inspect the
>box, with root access, and they could not find the exploit. Greg
>Kunhert did find some web based exploits that I cannot explain, but
>he mentioned may or may not be the reason it was hacked.
>
>No idea on the exploit, or how the box has been compromised. This
>new box had no domains on it nor any web sites.
>
>There is no log of a logon, but the allow-hosts file had dozens of
>illegal IPs.
>
>I am going to rebuild, from start, with a new root password and we shall see.
>
>Steve
How would they have been able to gain (physical) access to that box?
Do you have it sit directly on the Internet or behind a proper firewall?
If TCP/81 (for https web UI access) and TCP/22 (for shell access) are
not accessible from the web in the first place (or only with
restricted source IPs), they can guess the password all they want... :?

Ralf 
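As an added illustration of the source-IP restriction Ralf describes (this is not code from the thread or from the BlueOnyx project), the script below limits the admin UI port (TCP/81) and SSH (TCP/22) to a list of trusted management networks with iptables and drops every other new connection to those ports. The management networks, the `IPT`/`MGMT_NETS` variable names and the dry-run convention are assumptions chosen for the example; the 203.0.113.0/24 and 198.51.100.7/32 addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the BlueOnyx list or project: restrict the
# BlueOnyx admin UI (TCP/81) and SSH (TCP/22) to trusted management
# source networks. Everything else to those ports is dropped, so a
# password-guessing attempt from an arbitrary Internet host never
# reaches the login prompt.
set -eu

IPT="${IPT:-iptables}"   # assumed convention: set IPT=echo to preview without applying
# Constructed placeholder networks; replace with the networks you administer from.
MGMT_NETS="${MGMT_NETS:-203.0.113.0/24 198.51.100.7/32}"
ADMIN_PORTS="22 81"      # shell access and the https web UI, as named in the thread

# For one port: accept NEW connections from each management net, then drop the rest.
restrict_port() {
    port="$1"
    for net in $MGMT_NETS; do
        "$IPT" -A INPUT -p tcp --dport "$port" -s "$net" -m conntrack --ctstate NEW -j ACCEPT
    done
    "$IPT" -A INPUT -p tcp --dport "$port" -j DROP
}

# Apply the restriction to every admin port.
apply_admin_restrictions() {
    for p in $ADMIN_PORTS; do
        restrict_port "$p"
    done
}

# Number of rules the policy would generate (dry run), useful as a sanity check:
# one ACCEPT per (net, port) pair plus one DROP per port.
rule_count() {
    ( IPT=echo; apply_admin_restrictions ) | wc -l | tr -d ' '
}

# Dry-run preview by default; pass --apply to really install the rules.
if [ "${1:-}" = "--apply" ]; then
    apply_admin_restrictions
else
    ( IPT=echo; apply_admin_restrictions )
fi
```

The rules are appended with `-A`, so run this before any catch-all rule at the end of the INPUT chain, and keep an ESTABLISHED/RELATED accept rule above it so existing sessions survive. Leaving the port-specific DROP in place (rather than relying on a default policy) means that even if the chain policy is ACCEPT, the admin services are still reachable only from the listed networks.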
