[PLUG] Got hacked last night - HELP!

Bill Thoen bthoen at gisnet.com
Mon Oct 4 16:22:01 UTC 2004


On Mon, 4 Oct 2004, Sandy Herring wrote:

> Is your version of SSH up to date? (what does `ssh -V' output? 3.9p1 is
> the latest). If not, get current...

Only as current as 3.5p1. I'll do this next... I just ran chkrootkit and 
it said nothing was infected.

> What does your Protocol param in /etc/ssh/sshd_config permit? You should
> only allow version 2... `man 5 sshd_config'.

Mine said: 
# Protocol 2,1
I changed it to:
Protocol 2

> The first thing you need to do is make certain you've closed any holes
> in your ssh installation. You can keep unwanted visitors at bay via
> tcp_wrappers. e.g.,

I just did this too and restarted sshd. Do I need to reboot also?

- Bill Thoen
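
Added example, not part of the original message: a shell check for which protocol versions an sshd_config actually enables, showing why the commented-out `# Protocol 2,1` line above left protocol 1 available. The function names and the sample files are constructed for illustration, and the "2,1" default is an assumption based on the sshd_config(5) of that OpenSSH generation.

```shell
#!/bin/sh
# Report which SSH protocol versions an sshd_config enables.

# effective_protocol FILE [DEFAULT]
# sshd uses the first active value it reads for a keyword; a line starting
# with '#' is a comment, so "# Protocol 2,1" sets nothing and the built-in
# default applies instead.
effective_protocol() {
    # Assumption: default "2,1", as documented for OpenSSH 3.x; override via $2.
    ep_default=${2:-2,1}
    ep_value=$(awk '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || $0 == "" { next }              # skip comments and blank lines
        { split($0, f, /[ \t=]+/) }            # f[1] = keyword, f[2] = value
        tolower(f[1]) == "protocol" { print f[2]; exit }
    ' "$1")
    printf '%s\n' "${ep_value:-$ep_default}"
}

# allows_protocol_1 FILE: exit status 0 when protocol 1 is still enabled.
allows_protocol_1() {
    case ",$(effective_protocol "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample files mirroring the before/after lines in the message.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' '# Protocol 2,1' > "$demo_dir/before"
printf '%s\n' 'Port 22' 'Protocol 2'     > "$demo_dir/after"
for demo_f in before after; do
    if allows_protocol_1 "$demo_dir/$demo_f"; then
        echo "$demo_f: Protocol $(effective_protocol "$demo_dir/$demo_f") (protocol 1 enabled)"
    else
        echo "$demo_f: Protocol $(effective_protocol "$demo_dir/$demo_f") (protocol 2 only)"
    fi
done
```

Point `effective_protocol` at the real /etc/ssh/sshd_config after editing it to confirm the change took the form intended; the running daemon only picks it up once sshd has been restarted.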




