×

Loading...
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。

next time when you reinstall

there are lots of things to know about security, read some security article/website

basically:
1. When installing OS, disconnect network
2. Install latest version OS/Application if possible. change default admin/root password immediately.
3. Only turn on necessary services, less services is running, less exploit will exist
4. Of course, use strong password, no telnet...
5. Check ssh log regularly, investigate suspect IP attack.
remember, when you system has been hacked, then any binary/services can be alternated, it's better reinstall from scratch.

Been hacked is a not bad experience, enjoy it...:p

The list will not end, other suggestions?
Report

Replies, comments and Discussions:

  • 工作学习 / 专业技术讨论 / LINUX FC4频繁地被HACK掉(固定IP和有DOMAIN NAME),请问有什么要注意的,谢谢.享受学习.
    • 该PC放在一个大学的网络上.主要就是WEB SERVER和一些SSH,SCP之类的.
      • 从各种log可以查出被黑的蛛丝马迹。。
        • 某COWORKER怀疑是SSH在网络上被截取了.我想很难吧?,有人有类似的经验吗?谢谢.
          • next time when you reinstall
            there are lots of things to know about security, read some security article/website

            basically:
            1. When installing OS, disconnect network
            2. Install latest version OS/Application if possible. change default admin/root password immediately.
            3. Only turn on necessary services, less services is running, less exploit will exist
            4. Of course, use strong password, no telnet...
            5. Check ssh log regularly, investigate suspect IP attack.
            remember, when you system has been hacked, then any binary/services can be alternated, it's better reinstall from scratch.

            Been hacked is a not bad experience, enjoy it...:p

            The list will not end, other suggestions?
            • Enable logs.
      • 据说ssh1有缺陷,建议只用ssh2,不过我从来没有碰见过因为ssh1被黑的。sshd一定要限定用户。防火墙一定要配。web server上如果装了一些广泛应用的perl, php的软件包(例如mambo, mailform...),一定要当心, 里面可能有漏洞。
        被黑了最安全的是重装。你是怎么知道被黑的?仔细查web log, ssh log....
        • some one else login as root
          • 我写过一个perl script,放到了 /etc/profile里,不明用户登录时可以发email通知。
            本文发表在 rolia.net 枫下论坛#!/usr/bin/perl

            $mailprog = '/usr/sbin/sendmail';

            @trusted = (
            'xxx.yyy.zzz',
            'aaa.bbb.ccc'
            );

            $server=`ifconfig | grep eth0 -A1|grep inet| gawk '{print \$2}'| gawk -F: '{print \$2}'`;


            $date = `date +"%h %d %H:%M"`;
            $buf = `who -m `;
            $cur_user= `id -un`;
            chomp $buf;
            chomp $date;
            chomp $cur_user;

            @list=split(' ',$buf);
            $user =$list[0];
            $user_ip =$list[5];
            $init_time = $list[2] . " " . $list[3] . " " . $list[4];
            $user_ip =~ s/[()]//g;
            foreach $tr (@trusted)
            {
            if ($user_ip =~ /$tr/ )
            {
            exit;
            }
            }

            open(MAIL,"|$mailprog -t");

            print MAIL "To: email\@hotmail.com,email\@hotmail.com\n";
            print MAIL "From: email\@hotmail.com\n";
            print MAIL "Subject: $user login from $user_ip on $server\n\n" ;
            print MAIL "initial user: $user\n";
            print MAIL "initial time: $init_time\n";
            print MAIL "current user: $cur_user\n";
            print MAIL "current time: $date\n";
            close (MAIL);更多精彩文章及讨论,请光临枫下论坛 rolia.net
            • 先谢了.
    • 给出的信息太少,每办法判断,另外劫持SSH会话不大可能。
    • 另外别忘了做“安全审计”。