Hi Luggies,
Today I had a bad/great experience.
I installed RHEL5 last week with a static IP.
Someone entered my system from these IPs:
82.79.161.104, 92.80.199.219, 79.113.9.116, and they created a user with a uid of
0 (zero) and did nasty things like crashing the system.
I found this by running the 'last' command, which showed me that an unknown IP had
logged in to my system.
Then I checked the /etc/passwd file, which showed that a user named "girgo" with
a uid of 0 had been created.
I think my root password must be the problem (admin123), which is a dictionary word,
and the crackers did their job easily.
They created a user named "oracle" and they created a directory named " bot " and
some files and some scripts.
I am ashamed, since I am one of the victims.
I think this will be a lesson for everyone.
Lessons learned:
1) Passwords should be strong.
2) Allow ssh from known IPs only.
3) Take a bare-metal backup after installing the system, for quick restore.
4) Install and monitor an intrusion detection system.
Thanks & Regards
MThanigairajan
The Most Certain Way To Succeed Is To Try One More Time
-- By Edison
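
The two checks described in the message (an extra uid 0 entry in /etc/passwd, and logins from unknown addresses in 'last' output) can be run as a routine audit. The script below is an added example, not part of the original message; the function names, the sample passwd and 'last -i' lines, and the 192.0.2.10 admin address are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit for the two indicators described in the message.

# Print every account in a passwd-format file that has UID 0 but is not "root".
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print "user ip" for each remote login in `last -i`-style output ($1) whose
# source address is not in the space-separated allowlist ($2).
unknown_source_logins() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # field 2 is the tty, field 3 the source address of a remote session
        $2 ~ /^pts\// && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($3 in ok) {
            print $1, $3
        }
    ' "$1"
}

# Constructed sample data (on a live host use /etc/passwd and `last -i`).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
girgo:x:0:0::/home/girgo:/bin/bash
oracle:x:501:501::/home/oracle:/bin/bash
EOF
cat > "$SAMPLE_DIR/last.txt" <<'EOF'
root     pts/0        192.0.2.10       Mon Mar  3 09:12 - 09:40  (00:28)
root     pts/1        82.79.161.104    Tue Mar  4 02:17 - 02:59  (00:42)
girgo    pts/2        92.80.199.219    Tue Mar  4 03:05 - 03:31  (00:26)
reboot   system boot  2.6.18-8.el5     Mon Mar  3 09:00          (1+18:31)
EOF

echo "UID 0 accounts besides root:"
extra_uid0_accounts "$SAMPLE_DIR/passwd"
echo "Logins from addresses not on the allowlist:"
unknown_source_logins "$SAMPLE_DIR/last.txt" "192.0.2.10"
```

Any output from either function is worth investigating; an empty result means neither indicator was found in the inputs given.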