[PLUG] Got hacked last night - HELP!
Bill Thoen
bthoen at gisnet.com
Mon Oct 4 16:22:01 UTC 2004
On Mon, 4 Oct 2004, Sandy Herring wrote:
> Is your version of SSH uptodate? (what does `ssh -V' output? 3.9p1 is
> the latest). If not, get current...
Only as current as 3.5p1. I'll do this next... I just ran chkrootkit and
it said nothing was infected.
> What does your Protocol param in /etc/ssh/sshd_config permit? You should
> only allow version 2... `man 5 sshd_config'.
Mine said:
# Protocol 2,1
I changed it to:
Protocol 2
> The first thing you need to do is make certain you've closed any holes
> in your ssh installation. You can keep unwanted visitors at bay via
> tcp_wrappers. e.g.,
I just did this too and restarted sshd. do I need to reboot also?
- Bill Thoen
More information about the PLUG
mailing list