[NTLUG:Discuss] SRJ servers hacked and destroyed!

[MadHat]

"Daniel L. Shipman" wrote:
> 
> Sorry - I forgot there was a distinction - between the two - hackers &
> crackers - these individuals called themselves hackers - my head has been
> rather clouded with all of this
> 
> Please let me clarify that I was NOT simply venting to this group - if you
> look back over the past year you will see that I HAVE been and continue to
> be a participating member of this list - I do not simply lurke and wait for
> the opportunity to vent frustration
> 
> The reason I submitted my story to the group is that I believe this is a
> valuable discussion point - all members should become security experts - I
> am looking for help not a flame war
> 

Understood.  It is very frustrating.  At least you got some info
together about it (as most logs are fried by "crackers") and was
actually able to get some help on it (as far as the Feds are
concerned).   

BTW, someone said you were asking for it by running telnet and FTPd on a
web server (along with DNS).  Please don't listen.  It is not always
possible to have a machine for every service (money and such) and if you
are running a business where you are hosting FTPd on a web server is
almost manditory.  I do agree with getting rid of telnet for SSH (Open
or not) and a firewall, or at least firewall rules on the box itself,
would also be recomended.  And of course, the first step is to try to
keep you daemons up to date.


-- 
MadHat at unspecific.com
                                   "The 3 great virtues of a programmer:
                                      Laziness, Impatience, and Hubris."
                                                 --Larry Wall