
Thread: I'm gonna cry. I'm a victim!

  1. #41

    Now What?

    Uberc0der, Vorlin, whoever..

    Now what do I do? Do I reformat and reinstall and try to make my pc more secure? If I am supposed to format and reinstall then I have learned nothing. I want to learn something from this experience.
    my /etc/issue.net is the normal 'uname -r' info.

    -Jason
    __________________________
    Caution: in case of rapture, this computer will be unoccupied!

  2. #42
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255

    Re: Now What?

    Originally posted by jason-mis
    Uberc0der, Vorlin, whoever..

    Now what do I do? Do I reformat and reinstall and try to make my pc more secure? If I am supposed to format and reinstall then I have learned nothing. I want to learn something from this experience.
    my /etc/issue.net is the normal 'uname -r' info.
    I would recommend a reformat and reinstall. If you walk away with the knowledge of how to protect yourself next time around, then you have indeed learned something.

    My recommendation would be to do a reinstall, run setup as root, go into services, and remove everything you don't need running. Reboot (or killall -hup xinetd and then go into /etc/init.d and stop the services manually) and then connect your PC to the net. Then connect it to the 'net and run up2date -u (after registering with RHN) to make sure all your packages are up to date. Once that's done, just simply reboot again (or etc.) and you should be ok.

    Lastly, I'd read up on ipchains and how to use it. If you're interested in some of the other packet filtering stuff that the 2.4 Kernel offers, you can read up about Iptables.

    Ipchains HOWTO: http://netfilter.samba.org/ipchains/HOWTO.html
    Iptables HOWTO: http://www.linuxguruz.org/iptables/h...les-HOWTO.html

    Once you've got a decent working knowledge of ipchains/iptables, set up your firewall so that you prevent people from using ssh except from specific IPs... I have several firewall rules that explicitly allow me to use ssh from my work IP to home, so that I can check my home email while I'm at work, work on my C programming stuff, etc., etc..

    If you need some more direct help, you can contact me through here, or see if I'm hanging out in irc at irc.antionline.com.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
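
The ssh restriction chsh describes in post #42, as an added example that is not part of the original thread: a shell helper that prints (without applying) iptables rules accepting port 22 only from listed sources, then logging and dropping everything else. The function names are hypothetical and the addresses are constructed documentation ranges standing in for a work IP.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables commands limiting SSH to an allow-list.

# valid_ipv4_cidr ADDR: succeed only for dotted-quad IPv4 with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    # Digits and dots only (this also keeps the unquoted split below glob-safe).
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allow_rules ADDR...: print the rule set. Fails closed: an empty or malformed
# allow-list prints nothing, so a typo can never yield a partial rule set.
ssh_allow_rules() {
    [ $# -ge 1 ] || { echo "refusing: empty allow-list would drop all ssh" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "bad source address: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport 22 -j ACCEPT"
    done
    # Log what is about to be dropped (rate-limited) so refused attempts reach syslog.
    echo "iptables -A INPUT -p tcp --dport 22 -m limit --limit 5/minute -j LOG --log-prefix 'ssh-denied: '"
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Constructed documentation addresses (RFC 5737), standing in for a work IP and subnet.
ssh_allow_rules 192.0.2.10 198.51.100.0/24
```

The rules use `-A`, so they only take effect as intended if no earlier INPUT rule already accepts port 22; review the printed commands against `iptables -L INPUT -n` before running them as root.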

  3. #43
    Thanks chsh for your input. I will do that. I know how to disable services using 'ntsysv'; does going in the init.d dir and manually disabling them do a better job? I know why my box got hacked: I didn't look at my logs. If I would have looked at my logs it would have told me that hosts.deny was misconfig'd. I know nothing about xinetd.d, and I would like to get into making rules for a firewall, and RHN is a good idea too. I agree with you, I think I have learned all that I can from this. I don't know how the cracker got in my box, but I think this time around it will be less likely.
    Also, which is better: server or custom install? I always do a custom and select packages that I want, or else it includes the rlogin daemons and other things I don't want or need.

    Thanks..
    -Jason
    __________________________
    Caution: in case of rapture, this computer will be unoccupied!

  4. #44

    Thanks Everyone

    I believe that I have learned from this experience. One big thing, look at your logs!!

    Thanks Again Everyone..
    -Jason

    Re-installing Linux.....
    __________________________
    Caution: in case of rapture, this computer will be unoccupied!
