My lan server is behind a router. Someone managed to hack into it and dumped a file in the / directory to let me know he was there. (just an empty file named after his IP address). I have no clue how it was possible since I'm behind a router and no ports are fowarded to the server.
The server itself may not really be secure since I'm a n00b at linux and once I get better then I'll consider to learn about security. I'm just wondering how the hacker managed to get past my router, and how I can find out what hole he got in by. I assume linux logs stuff like this, I just have no clue where to look. Thanks.
I hope there's no damage, but nothing noticable right now.
Archived topic from Anythingforums, old topic ID:756, old post ID:7726
someone hacked in my firewalled server
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
someone hacked in my firewalled server
Honk if you love Jesus, text if you want to meet Him!
someone hacked in my firewalled server
Do people really have nothing better to do then hack into computers..
Archived topic from Anythingforums, old topic ID:756, old post ID:7736
Archived topic from Anythingforums, old topic ID:756, old post ID:7736
someone hacked in my firewalled server
Really. gess tell em all to find a porn site or something to keep them selfs happy not screw with other peoples PC/Servers.Joe wrote: Do people really have nothing better to do then hack into computers..
Red I may need your help with my server then.
Archived topic from Anythingforums, old topic ID:756, old post ID:7738
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
someone hacked in my firewalled server
Well I think I sort of asked for it since this guy was hacking in a friend's PC so I knocked him off the net for a few hours. I guess I should of made it permanent.
But I just don't get how it's even possible to get through a router. It's a cheapy but still, it has no open ports to even hack into.
Archived topic from Anythingforums, old topic ID:756, old post ID:7741
But I just don't get how it's even possible to get through a router. It's a cheapy but still, it has no open ports to even hack into.
Archived topic from Anythingforums, old topic ID:756, old post ID:7741
Honk if you love Jesus, text if you want to meet Him!
someone hacked in my firewalled server
Humm thats bad.. I have no router and i see your having problemsRed Squirrel wrote: Well I think I sort of asked for it since this guy was hacking in a friend's PC so I knocked him off the net for a few hours. I guess I should of made it permanent.
But I just don't get how it's even possible to get through a router. It's a cheapy but still, it has no open ports to even hack into.
*Checks server logs*
**Everything is good**
Archived topic from Anythingforums, old topic ID:756, old post ID:7746
someone hacked in my firewalled server
Red Squirrel wrote: Well I think I sort of asked for it since this guy was hacking in a friend's PC so I knocked him off the net for a few hours. I guess I should of made it permanent.
But I just don't get how it's even possible to get through a router. It's a cheapy but still, it has no open ports to even hack into.
What does your server serve?
If there are no ports open then how does it serve whatever it is you are serving.
Lastly, you are running a very old distro of linux, where do you get the latest patches and security updates from?
Archived topic from Anythingforums, old topic ID:756, old post ID:7753
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
someone hacked in my firewalled server
There's open ports on the server for http and all that, but the router has no open ports, and the only way (that I know of) to access the server is if I would foward a port through the router which I'm not doing.
I only use this server for personal stuff so it's only accessable from my lan so that's why I don't bother upgrading distro, there's no point. I'm just going to loose stuff for nothing since it's almost guarantee I'd so something to screw it all up durring setup. If my data was on a seperate physical drive then I'd be safer since I'd just disconnect it.
Archived topic from Anythingforums, old topic ID:756, old post ID:7775
I only use this server for personal stuff so it's only accessable from my lan so that's why I don't bother upgrading distro, there's no point. I'm just going to loose stuff for nothing since it's almost guarantee I'd so something to screw it all up durring setup. If my data was on a seperate physical drive then I'd be safer since I'd just disconnect it.
Archived topic from Anythingforums, old topic ID:756, old post ID:7775
Honk if you love Jesus, text if you want to meet Him!
someone hacked in my firewalled server
I haxxored your warez.Red Squirrel wrote: My lan server is behind a router. Someone managed to hack into it and dumped a file in the / directory to let me know he was there. (just an empty file named after his IP address). I have no clue how it was possible since I'm behind a router and no ports are fowarded to the server.
The server itself may not really be secure since I'm a n00b at linux and once I get better then I'll consider to learn about security. I'm just wondering how the hacker managed to get past my router, and how I can find out what hole he got in by. I assume linux logs stuff like this, I just have no clue where to look. Thanks.
I hope there's no damage, but nothing noticable right now.
Archived topic from Anythingforums, old topic ID:756, old post ID:7792
-
- Posts: 35
- Joined: Thu Dec 18, 2003 8:40 am
someone hacked in my firewalled server
Red, run:
netstat -lpd to see what ports are open and by which programs.
if you think you've been comprimised take a look through your key log files (auth, ssh, apache) etc.
cg
Archived topic from Anythingforums, old topic ID:756, old post ID:9319
netstat -lpd to see what ports are open and by which programs.
if you think you've been comprimised take a look through your key log files (auth, ssh, apache) etc.
cg
Archived topic from Anythingforums, old topic ID:756, old post ID:9319