Displaying 20 results from an estimated 2000 matches similar to: "Recent breakins / SSHD root hole?"
2001 Jun 01
1
recent breakins
>From http://www.apache.org/info/20010519-hack.html:
"The ssh client at SourceForge had been compromised to log outgoing names
and passwords, so the cracker was thus able get a shell on apache.org."
user's ssh --> SF's ssh --> apache.org's sshd
So basically the user's password was entered in the clear to an untrusted
program (SF's ssh). Never mind that
2001 Jun 01
0
Disabling Password-based auth? (was RE: recent breakins)
Crap. I hit send too fast. Last sentence in
first paragraph should have read "no completely
secure way" for authentication to be passed--
because the agent-based forwarding program
could have been compromised as well--except for
the cases already mentioned such as SRP and
RSAAuth where the auth. information is better
protected.
Even if the SF server had been capable of forwarding
the
2001 Jun 01
1
Disabling Password-based auth? (was RE: recent breakins)
All--
But it's not as simple as forwarding the password-based
authentication. Regardless of what method was used to
SSH from system one (user's) to system two (SF), the
user then started up *a second* SSH session to go
from two (SF) to three (Apache). There is no effective
way for any authentication information from the first
session to be passed to the second, in my mind.
Remember
1998 May 12
25
Checking remote servers
I''d like to hear some suggestions about securely administering a
system remotely. Here''s the application: a project is going to
scatter some server machines around the US. The server machines will
be running Linux, with the only network servers being a custom
application.
Ignoring the separate question of physical security, how can I
remotely check the system''s
2006 Sep 21
2
4.4 kickstart issues
Greetings all,
I'm trying to create a CentOS 4.4 kickstart CD (not a network install),
duplicating what
I've done for Fedora Core 3.
I am having a cirular dependency for initscripts, which causes
initscripts not to be installed
(no /etc/inittab when the boot gets to INIT)
The cascade is:
initscripts-7.39.25.EL-1.centos4 requires /sbin/nash
/sbin/nash is in mkinitrd-4.2.1.8-1
1997 Sep 23
1
C''t Article on Juggernaut
There is a recent article in the German magazine C''t that may be of
interest to those on this list. It describes a cracker program,
Juggernaut, which can hijack telnet sessions. The program is written
specifically to run under Linux. An english translation of the article
is available at:
http://www.ix.de/ct/english/9710142/
It also mentions that they are working on a version of the
2017 Sep 19
0
How to track attempted breakins, authentication failure logging
Hai Mark,
I see the bugreport for this is still untouched.
https://bugzilla.samba.org/show_bug.cgi?id=11998
Is vfs_full_audit not an option?
with %I you can log the IP address of the client machine.
But i dont know if that wil work of if vfs_full_audit hase that option.
With something like this.
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = connect
2008 Mar 07
2
Importing Accounts from Windows?
Is there some automated system to import windows accounts into a samba
or a samba ldap situation?
I've got a few hundred users on an NT domain, and I'd like to migrate
them sometime before the last piece of hardware supported by NT4
rusts.
Right now several linux based samba servers are doing all of the heavy
lifting (shared files printers etc), but they are all looking at the
domain
2017 Sep 19
3
How to track attempted breakins, authentication failure logging
This may have been asked before, but I can't find it. I am getting repeated external attempted
to log into our AD/DC (running Samba 4.4.14). In /var/log/samba/log.samba I get entried like:
2017/09/19 05:02:25.562957, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv)
auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\333] FAILED with error
2007 Mar 14
7
While the VoIP-Info.org site is down...
Is it wise to use an outage to promote your business, not on the user's
list and not multiple times? Put it in your signature or something ;-)
Thanks,
Steve Totaro
http://www.asteriskhelpdesk.com
KB3OPB
> -----Original Message-----
> From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-
> bounces@lists.digium.com] On Behalf Of Shane Breen
> Sent: Wednesday,
2017 Sep 19
1
How to track attempted breakins, authentication failure logging
On Tue, 2017-09-19 at 17:02 +0200, L.P.H. van Belle via samba wrote:
> Hai Mark,
>
> I see the bugreport for this is still untouched.
> https://bugzilla.samba.org/show_bug.cgi?id=11998
I've closed that bug now.
Extensive work has been done to add this feature to Samba 4.7, due out
this week:
https://wiki.samba.org/index.php/Setting_up_Audit_Logging
Two new debug classes,
2004 May 21
12
Hacked or not ?
Hi,
I have a 4.9-STABLE FreeBSD box apparently hacked!
Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
Those are:
chfn ... INFECTED
chsh ... INFECTED
date ... INFECTED
ls ... INFECTED
ps ... INFECTED
But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED.
I know by the FreeBSD-Security archives that
2002 Jan 26
1
Can't upgrade R properly with Debian potato
Hello-
I had to reinstall my system completely, due to a cracker (a script kiddie).
I've added the CRAN recommended lines to my sources.list.
I removed my old R package (0.92, I believe) and intalled a new one, but it's
the 1.3.1
If I remember correctly, this is not the __latest__ version is it?
What's happening than, since my /etc/apt/sources.list is correct?
TIA
Regards
2003 Feb 14
1
ogg123 and plugger
Hi. I'm trying to get plugger to work with ogg123 and it does - sort of.
No matter what the song is, it plays 24 seconds of the song and then
dies. Same spot every time - I've tried with a short song (Janis Joplin
Mercedes Benz) and a long song (Cracker Eurotrash Girl).
I have this as the mime identification in the plugger rc file:
audio/ogg: ogg: Vorbis Ogg audio
application/x-ogg: ogg:
2001 Dec 10
1
Time delay security function
Hi all developers.
I cannot consider myself to be a software developer ( only have a fair
exposure to some C++, but mostly Perl nad alot of PHP), so forgive my
ignorance.
I recently had an idea about improving security of a system to make it
impossible for another party to hack a system via a login procedure.
Now I'm not sure how current authentication systems work, but I think
that if
2002 Aug 01
1
OpenSSH Security Advisory: Trojaned Distribution Files
OpenSSH Security Advisory (adv.trojan)
1. Systems affected:
OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the
OpenBSD ftp server and potentially propagated via the normal mirroring
process to other ftp servers. The code was inserted some time between
the 30th and 31th of July. We replaced the trojaned files with their
originals at 7AM MDT, August 1st.
2. Impact:
Anyone who has
2001 Nov 29
4
openssh 2.9p2 release 8.7 security alert!!!
Hi, everyone:
My system was compromised a few days ago.
The cracker attacked the system through openssh 2.9p2 release 8.7.
I attached part of the log file.
Thanks.
Pin Lu (pin at stredo.com)
Nov 25 11:33:05 ns sshd[10627]: Disconnecting: Corrupted check bytes on
input.
Nov 25 11:33:36 ns named[10478]: Lame server on '55.254.58.211.in-addr.arpa'
(in
2005 Jul 01
1
Hyldest
Means "acclaim" in both Norwegian languages (there are new official
rules out today for writing both of the 2 Indo-European Norwegian
languages).
What made me write this acclaim is the number of postings I've seen
about Samba's instability - i.e. run-away processes, profiles going
wrong, ACL problems and more.
My (high school) site with around 80 w2k workstations, of which
2002 Aug 01
0
openssh-3.4p1.tar.gz on ftp.openbsd.org changing rather than frozen (fwd)
Below the trojaned and clean md5s are given.
---------- Forwarded message ----------
Date: Thu, 1 Aug 2002 13:39:22 +0200
From: Magnus Bodin <magnus at bodin.org>
To: Wojtek Pilorz <wpilorz at bdk.pl>
Cc: openssh-unix-dev at mindrot.org
Subject: Re: openssh-3.4p1.tar.gz on ftp.openbsd.org changing rather than
frozen
On Thu, Aug 01, 2002 at 09:20:29AM +0200, Wojtek Pilorz wrote:
2018 Dec 10
1
Crackers?
Hi,
just wishing you a merry christmas and happy new year, by presenting to
you a new trojan for Linux. It`s professionally made by Apple Computer
Inc. (must be somebody who threatened them to do it).
<https://www.anubis-ca.com/tmp/IMG_20181210_173521.jpg>
<https://www.anubis-ca.com/tmp/IMG_20181210_175350.jpg>
---------Videresendt melding-------
Fra: Arun I. Gurung <arun-g at