[ubuntu-uk] Preventing a hack attempt

Daniel Case danielcase10 at googlemail.com
Sat Aug 28 01:22:46 BST 2010

Hi there,

One of my servers has recently been attacked. It has one remote SSH user
which cannot run 'sudo'; I made it like that so that if it was compromised,
no-one would be able to do much.

However, someone managed to gain the password to that account on the server,
then used "vi /etc/passwd" to gain a list of users, then launched a
brute-force attack using su against my admin account.
(That's what I can gather from the logs.)

This did not get very far before I saw and kicked the user off and changed
all of the passwords, but I would like to know how to prevent this sort of
thing happening again.

I need to know mainly how to stop the SSH user running su in the first place,
and how to stop the user seeing files like /etc/passwd.

Anyone have any suggestions?
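
Added example, not part of the original post: a small detector for the repeated failed su attempts the message describes, run over auth.log-style lines. The log lines, host and account names, and the threshold of 3 are constructed assumptions; the "FAILED su for" / "Successful su for" wording is assumed to match what su on the server logs.

```python
import re
from collections import Counter

# Constructed sample, modelled on su entries in /var/log/auth.log.
SAMPLE_LOG = """\
Aug 27 23:58:01 srv1 sshd[4100]: Accepted password for remoteuser from 192.0.2.10 port 51000 ssh2
Aug 27 23:59:10 srv1 su[4211]: pam_unix(su:auth): authentication failure; logname=remoteuser uid=1001 euid=0 tty=/dev/pts/0 ruser=remoteuser rhost=  user=admin
Aug 27 23:59:12 srv1 su[4211]: FAILED su for admin by remoteuser
Aug 27 23:59:15 srv1 su[4215]: FAILED su for admin by remoteuser
Aug 27 23:59:18 srv1 su[4219]: FAILED su for admin by remoteuser
Aug 27 23:59:21 srv1 su[4223]: FAILED su for admin by remoteuser
Aug 28 00:05:40 srv1 su[4301]: FAILED su for admin by localop
Aug 28 00:05:52 srv1 su[4305]: Successful su for admin by localop
"""

# One "FAILED su" line is counted per attempt; the pam_unix line for the
# same attempt is deliberately ignored so attempts are not counted twice.
FAILED = re.compile(r"su\[\d+\]: FAILED su for (?P<target>\S+) by (?P<ruser>\S+)")
SUCCESS = re.compile(r"su\[\d+\]: Successful su for (?P<target>\S+) by (?P<ruser>\S+)")


def su_bruteforce(lines, threshold=3):
    """Return {(calling_user, target_user): {"failures": n, "succeeded": bool}}
    for every pair with at least `threshold` failed su attempts.
    "succeeded" is True when a successful su followed that many failures,
    which is the case to escalate first."""
    failures, succeeded = Counter(), set()
    for line in lines:
        if m := FAILED.search(line):
            failures[(m["ruser"], m["target"])] += 1
        elif m := SUCCESS.search(line):
            key = (m["ruser"], m["target"])
            if failures[key] >= threshold:
                succeeded.add(key)
    return {
        key: {"failures": n, "succeeded": key in succeeded}
        for key, n in failures.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for (ruser, target), info in su_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ruser} -> {target}: {info['failures']} failed su attempts, "
              f"succeeded={info['succeeded']}")
```

On the constructed sample, only remoteuser's four failures against admin are reported; localop's single mistyped password followed by a success stays below the threshold.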
