Strange command histories in hacked shell history

Jerry Bell jerry at syslog.org
Sat Dec 18 19:14:28 PST 2004


 > I do agree with that, espeically the first paragraph " ... no
> matter how paranoid your philsophy ..."
>
> I have had one instance of an attempt was I had missed one machine
> out of about 8 applying one security patch.  All were patched
> within hours, the one that got hit was 2 days later.  You have to
> get to any patches as soon as the hole becomes known.

Really bad things usually happen as a result of a series of small mistakes
or oversights.
>
> And my machines are pretty accessable to the world being on a
> backbone.  One machine was getting about 300,000 spams/day until
> I finally took off all MX for that domain. If anyone has problems
> they need to perform a whois and use those contacts.  It's one of
> those domains whose name alone drives it up the list.
>

Spammers, IMO, are one of the strongest offenders of system hacking today
- they have a real financial interest in getting into your system.

> I haven't set the security levels high as that means that any
> problems would require driving to the colo - and that's about
> 1/2 hour at 3AM - and two to three times higher during the daylight
> hours.
>
If your problem with hardening your system is the need to "be in front of
it", there are some ways around it.  Probably the most reliable and
convenient is a network KVM and network power switch.  Sometimes, you can
get your colo to provide that for an extra charge, or you can buy it
yourself (quite a few choices on ebay these days.  It doesn't take many
trips to the colo at 12am to make it worthwhile :)
Alternatively, most all of the "hardening" can be worked around, such as
lowering the security level and rebooting, or using the
/usr/share/examples/ipfw/change_rules.sh script for modifying ipfw rules
remotely.  It certainly isn't as convenient as being at the console, but
you can do it, if you're careful.

Jerry
http://www.syslog.org




More information about the freebsd-security mailing list