Page 1 of 1
someone hacked in my firewalled server
Posted: Wed Aug 04, 2004 9:58 pm
by Red Squirrel
My lan server is behind a router. Someone managed to hack into it and dumped a file in the / directory to let me know he was there. (just an empty file named after his IP address). I have no clue how it was possible since I'm behind a router and no ports are fowarded to the server.
The server itself may not really be secure since I'm a n00b at linux and once I get better then I'll consider to learn about security. I'm just wondering how the hacker managed to get past my router, and how I can find out what hole he got in by. I assume linux logs stuff like this, I just have no clue where to look. Thanks.
I hope there's no damage, but nothing noticable right now.
Archived topic from Anythingforums, old topic ID:756, old post ID:7726
someone hacked in my firewalled server
Posted: Wed Aug 04, 2004 10:56 pm
by Joe
Do people really have nothing better to do then hack into computers..
Archived topic from Anythingforums, old topic ID:756, old post ID:7736
someone hacked in my firewalled server
Posted: Wed Aug 04, 2004 11:01 pm
by Andy
Joe wrote: Do people really have nothing better to do then hack into computers..
Really. gess tell em all to find a porn site or something to keep them selfs happy not screw with other peoples PC/Servers.
Red I may need your help with my server then.
Archived topic from Anythingforums, old topic ID:756, old post ID:7738
someone hacked in my firewalled server
Posted: Wed Aug 04, 2004 11:09 pm
by Red Squirrel
Well I think I sort of asked for it since this guy was hacking in a friend's PC so I knocked him off the net for a few hours. I guess I should of made it permanent.
But I just don't get how it's even possible to get through a router. It's a cheapy but still, it has no open ports to even hack into.
Archived topic from Anythingforums, old topic ID:756, old post ID:7741
someone hacked in my firewalled server
Posted: Wed Aug 04, 2004 11:26 pm
by Andy
Red Squirrel wrote: Well I think I sort of asked for it since this guy was hacking in a friend's PC so I knocked him off the net for a few hours. I guess I should of made it permanent.
But I just don't get how it's even possible to get through a router. It's a cheapy but still, it has no open ports to even hack into.
Humm thats bad.. I have no router and i see your having problems
*Checks server logs*
**Everything is good**
Archived topic from Anythingforums, old topic ID:756, old post ID:7746
someone hacked in my firewalled server
Posted: Thu Aug 05, 2004 5:05 am
by Bruce
Red Squirrel wrote: Well I think I sort of asked for it since this guy was hacking in a friend's PC so I knocked him off the net for a few hours. I guess I should of made it permanent.
But I just don't get how it's even possible to get through a router. It's a cheapy but still, it has no open ports to even hack into.
What does your server serve?
If there are no ports open then how does it serve whatever it is you are serving.
Lastly, you are running a very old distro of linux, where do you get the latest patches and security updates from?
Archived topic from Anythingforums, old topic ID:756, old post ID:7753
someone hacked in my firewalled server
Posted: Thu Aug 05, 2004 6:58 pm
by Red Squirrel
There's open ports on the server for http and all that, but the router has no open ports, and the only way (that I know of) to access the server is if I would foward a port through the router which I'm not doing.
I only use this server for personal stuff so it's only accessable from my lan so that's why I don't bother upgrading distro, there's no point. I'm just going to loose stuff for nothing since it's almost guarantee I'd so something to screw it all up durring setup. If my data was on a seperate physical drive then I'd be safer since I'd just disconnect it.
Archived topic from Anythingforums, old topic ID:756, old post ID:7775
someone hacked in my firewalled server
Posted: Fri Aug 06, 2004 1:40 am
by Anonymous
Red Squirrel wrote: My lan server is behind a router. Someone managed to hack into it and dumped a file in the / directory to let me know he was there. (just an empty file named after his IP address). I have no clue how it was possible since I'm behind a router and no ports are fowarded to the server.
The server itself may not really be secure since I'm a n00b at linux and once I get better then I'll consider to learn about security. I'm just wondering how the hacker managed to get past my router, and how I can find out what hole he got in by. I assume linux logs stuff like this, I just have no clue where to look. Thanks.
I hope there's no damage, but nothing noticable right now.
I haxxored your warez.
Archived topic from Anythingforums, old topic ID:756, old post ID:7792
someone hacked in my firewalled server
Posted: Thu Aug 26, 2004 10:25 pm
by closet geek
Red, run:
netstat -lpd to see what ports are open and by which programs.
if you think you've been comprimised take a look through your key log files (auth, ssh, apache) etc.
cg
Archived topic from Anythingforums, old topic ID:756, old post ID:9319