Hey Mallory, some advice on hacking.. I would NOT say I'm the best.. far more out there better than me. As to why someone would do it.. there would have to be a motive. Otherwise somebody just likes wasting their time and of course everybody else's.

Causes and events on how the breach might have occurred: Former IMP like you said, that would have had the passwd from before.. perhaps it's possible that you had changed it for a few seconds for some reason and changed it back. This can be due to forgetfulness on your part.

#1 I never change the password for just a few seconds..

The second reason could be on how you have your permissions set on your directory. Make sure that the files specified are for USER access only. Next, you want to make sure you have your passwd (encrypted) file out of reach.. ie hidden or even mounted on another file server like well.. ummm m

Another thing might be to have something or someone check the types of files being run.. I'm not going to go into detail on that one.. and probably won't relay all my secrets.. but I have enough accts to last me a lifetime anywhere in the US.

And I'll just wrap it up with one more note.. THE LOGS. With root access if you are a good enough hacker.. you can leave no evidence.. but sometimes that gets in the way, and has to speak for yourself. If you remembered the last thing that was done BEFORE the hacker arrived.. then you can trace the history file so to speak. I believe you already did this to determine what the damage was.. but nevertheless... hide those too.

Shadowing tools are good.. but not 100% effective.. they just take longer to reach.. Firewalls are good.. always effective other than localhost.. so that limits a great deal there depending on your total /usr swap. Then the final thing comes down to who you can trust on localhost server. If you know your /usrs are trustworthy, have firewall, maybe some WRAPPERS, you can have a site that is virtually 90% unhackable.

Now.. besides the people that work at my ISP and have -su access. I have a site that nobody can reach.. in fact.. I have to mail this off my other acct just because the signature from this one is whacked. Wouldn't translate through the mailing list unless Alex does it by hand it seems, multiple file servers.

By the way.. I think your post was a good one.. and was worded great. Glad I could help somewhat... but that's what the list is for. :P

-Darklord

+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://cspo.queensu.ca/~fletcher/Circle/list_faq.html     |
| Or send 'info circle' to majordomo@cspo.queensu.ca        |
+-----------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/18/00 PST