On Wed, Aug 20, 2003 at 09:03:28PM -0500, PHPTOm wrote:
>I think I have found the answer to my problems.  I got into a shell using
>disc 1 of the installation cds.  I switched to super user mode and saw
>various commands in the history that were not mine.  Someone got in earlier
>this week and did some bad things to my system.  Below is the history if
>anyone is interested in seeing what they were up to.  Any explanation of
>what they did is welcome.  It was pretty much a fresh install, so I wiped
>the disc and I am reinstalling.  I think I need to learn much more about
>security.
<*snip-kiddie*>

I would certainly recommend getting a firewall set up before you rebuild
that box.  Chances are good that what you installed the first time will
still be vulnerable when you install it the second and third times.

If you are new to computer security in general, you should never, ever,
put a computer on the internet without a firewall before it.  That said,
you should never put a computer on the internet without said box having
some defensive measures in place, and/or behind some sort of a firewall.

Especially if you are a home user with a cable or dsl modem or any
type of 'always on connection' you *must* have a firewall before your
computer or your LAN of computers.  There are many firewall solutions
ranging from the $30 Linksys/D-Link units you can buy, to Linux based
solutions available freely on the internet (most of which require very
minimal hardware that you can dumpster dive from your local alley :)).

I offer you, and all in your similar position, a very few links (besides
the implied http://google.com), and a great deal of encouragement:

Security Focus aka bugtraq
	an excellent resource for all things security
http://securityfocus.com/

IP Cop
	a very versatile Linux based firewall
http://ipcop.org

PicoBSD
	a BSD based floppy firewall

Coyote Linux
	a Linux based floppy firewall

I would also suggest that you subscribe to your distro's (Red Hat,
Debian, SuSe...) security or update mailing list.  Subscribe to lots of
security mailing lists for that matter.  Keep asking questions and
reading, and do some more reading and google'n, ask a few more
questions.  Lather, rinse, repeat.  In no time you will be intelligently
answering security questions yourself :)

-- 
Linux Administrator || Technology Specialist || Wifi Engineer
http://autonomous.tv/~spencer/resume/ || spencer at autonomous.tv
Key fingerprint = 173B 8760 E59F DBF8 6FD2  68F8 ABA2 AB08 49C7 4754