Re: How could this account have been cracked?
- From: Ayaz Ahmed Khan <ayaz@xxxxxxxxxxxxxxxx>
- Date: 27 Sep 2006 14:07:49 GMT
"robb@xxxxxxx" typed:
Nathanael Hoyle wrote:
So the account's existence was probably not revealed by the login
(if there were already a keylogger on the system, you were flat
screwed from the start).
Yes, and this may be the case.
So, although that logically, there's no real true defense, I've done
a few things (added deny all sshd, removed software I'm not
using...) and hopefully the system will hold for a week or two until
I have the money and time to rebuild the server.
If the compromised machine in question is *acm.org*, then I *know* how
it got compromised. Do drop me a note, if you wish to know. :-)
And if *acm.org* ain't the compromised machine, then, well, oops. ;-)
--
Ayaz Ahmed Khan
Then, gently touching my face, she hesitated for a moment as her
incredible eyes poured forth into mine love, joy, pain, tragedy,
acceptance, and peace. "'Bye for now," she said warmly.
-- Thea Alexander, "2150 A.D."
.
- Follow-Ups:
- Re: How could this account have been cracked?
- From: robb@xxxxxxx
- Re: How could this account have been cracked?
- References:
- How could this account have been cracked?
- From: robb@xxxxxxx
- Re: How could this account have been cracked?
- From: Ian Kilgore
- Re: How could this account have been cracked?
- From: robb@xxxxxxx
- Re: How could this account have been cracked?
- From: Nathanael Hoyle
- Re: How could this account have been cracked?
- From: robb@xxxxxxx
- How could this account have been cracked?
- Prev by Date: Re: send a mail when a event login occur ?
- Next by Date: IDR
- Previous by thread: Re: How could this account have been cracked?
- Next by thread: Re: How could this account have been cracked?
- Index(es):
Relevant Pages
|
|
