Re: I got hacked 3 times

From: Georg Armbruster (georg_at_argeo.de)
Date: 06/27/03


Date: Fri, 27 Jun 2003 11:28:32 +0200

On Fri, 27 Jun 2003 11:07:23 +0200, roman dissertori wrote:

> Hello anyone,
>
> I'm using the operating System Linux - RedHat9
> I'm totally a newbie in linux-security and that's why I've got a Problem:
> A month ago, I got hacked by someone 3 times!
> I always had to reinstall my distribution for security reasons.
> People in groups.google suggested to do so after a successful hack.
> I changed the _standard known_ portnumbers and I denied the access for all
> incoming internet connections to the ports 0-1024 and mysql per protocol tcp
> and udp in my ipchains.
> Is that enough or - what else should I do to prevent him/her from
> hacking into my computer again (and it would be nice if I could trace him
> back and do something about it)
> Any suggestions?

Hi Roman!
First of all, use iptables instead of ipchains; it offers stateful-
inspection capabilities.

Then, don't change the port numbers of services; security through
obscurity was never supposed to work.

Use iptables to close all ports incoming, and only allow those
outgoing that you need (http/https/ftp/ssh, I guess).

Do not run any services that you don't use.

Make the services you decide to use listen only to the internal
interface.

Run an intrusion detection system like snort to get a couple of
points what is going on in your network.

Choose your system passwords carefully (your username backwards
is not a very secure password).

Use up2date to update your system regularly.

This should keep you quite safe :)
Peace,
Georg
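
The firewall policy described in the reply above, written out as an added example that is not part of the original post: a script that prints an `iptables-restore` ruleset with default-deny policies, stateful acceptance of reply traffic, and an outbound allow-list. The function name `gen_rules`, the default port list (read from "http/https/ftp/ssh"), the DNS rules and the log prefix are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for
# a single workstation (not a router). Ports are arguments; the defaults are
# an assumption read from "http/https/ftp/ssh". DNS (53) is also assumed.
gen_rules() {
    [ "$#" -gt 0 ] || set -- 80 443 21 22
    # Validate every port before emitting anything, so a typo never
    # produces a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo '*filter'
    # Default-deny in every direction; only the rules below open anything.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Local processes talking to each other over loopback.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Stateful part: accept only packets belonging to connections this host
    # opened. FTP data channels match RELATED only if the FTP conntrack
    # helper module is loaded.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Name resolution (assumed requirement).
    echo '-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT'
    echo '-A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT'
    # New outbound connections, one rule per allowed service port.
    for port in "$@"; do
        echo "-A OUTPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log of unsolicited inbound packets before policy drops them.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "in-drop: "'
    echo 'COMMIT'
}

gen_rules "$@"
```

Pipe the output into `iptables-restore --test` as root to have it parsed without being committed, then into `iptables-restore` to load it.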


