[ubuntu-uk] Preventing a hack attempt
danielcase10 at googlemail.com
Sat Aug 28 01:22:46 BST 2010
One of my servers has recently been attacked. It has one remote SSH user
which cannot run 'sudo'; I made it like that so that if it was compromised,
no-one would be able to do much.
However, someone managed to gain the password to that account on the server
then used "vi /etc/passwd" to gain a list of users, then launched a
bruteforce using su against my admin account.
(that's what I can gather from the logs)
This did not get very far before I saw and kicked the user off and changed
all of the passwords, but I would like to know how to prevent this sort of
thing happening again.
I need to know mainly how to stop the SSH user running su in the first place
and how to stop the user seeing files like /etc/passwd.
Anyone have any suggestions?