URGENT: I think this machine gets hacked...

Support for security such as firewalls and securing Linux
computec
Posts: 1
Joined: 2007/09/04 02:00:09

Re: URGENT: I think this machine gets hacked...

Post by computec » 2007/09/04 02:21:45

Hi. Bad news...
I have 2 servers with the exact same things.
The systems are behind a filtering bridge, with ports 22, 25, 53 and 80 open.
All updates applied....
I can see users logging in with the valid root password. All passwords are compromised.
I cannot restart the sshd processes, and they are not visible processes.
The checksums of the sshd binaries and others don't match anymore.
I have read something about a GSSAPI bug in sshd. Does anyone know if it is exploitable?
Any ideas to remove the infection?
Rkhunter says there are traces of the Suckit rootkit.

foxb
Posts: 1924
Joined: 2006/04/20 19:03:33
Location: Montreal/QC

Re: URGENT: I think this machine gets hacked...

Post by foxb » 2007/09/04 14:27:07

Some reading

http://www.stanford.edu/group/security/securecomputing/alerts/multiple-unix-6apr2004.html

It will be better to start a new topic next time and just note that it is similar to this one (with a link).
