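This page is an excerpt and archive of the corresponding 未名空间 thread; posts less than a week old are shown up to 50 characters, posts older than a week up to 500 characters.
Security board - Help, getting hacked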
s*****d
Posts: 258
1
I am quite certain that someone had broken into some of my unix machines.
And I need your help on several questions. Thanks in advance.
One is running AIX 4.1, it was known to be used as an open mail relay.
I found the following problems:
1. There is one extra user with the user name "+" and user id "0", this should
be a clear sign of hacking. Is that right?
2. There are a lot of failed logins in my /etc/security/failedlogin, with user
name "UNKNOWN", and from some unidentified IP address. Such as
T********r
Posts: 6210
2
From your description, your hosts perhaps are hacked. The
best solution is
to back up all your data (no executables, even source code), and
then reinstall the systems totally. After installation,
change all user names and passwords, including root,
shut down all services that are not necessary...
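
An added example, not part of any post in this thread: a check for the account anomaly described in the first post (an extra account named "+" with user id 0) over a passwd-format file. The sample file is constructed, and the function names and finding labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example: flag suspicious entries in a passwd-format file.
# Fields: name:password:uid:gid:gecos:home:shell

# Constructed sample, not the poster's real file. "!" in field 2 marks a
# password stored elsewhere (as on AIX); line 5 is the entry from the post.
sample_passwd() {
    cat <<'EOF'
root:!:0:0::/:/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
guest:!:100:100::/home/guest:
+::0:0:::
alice:!:201:1::/home/alice:/bin/ksh
EOF
}

# audit_passwd: reads passwd lines on stdin and prints one finding per line
# as LABEL<TAB>name<TAB>line-number. Prints nothing for a clean file.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                  # blanks and comments
        NF < 7 { print "MALFORMED\t" $1 "\t" NR; next }
        # Names starting with + or - are NIS include/exclude syntax,
        # not ordinary local accounts.
        $1 ~ /^[+-]/ { print "NIS_STYLE_NAME\t" $1 "\t" NR }
        # Any uid-0 account other than root has full root privileges.
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0\t" $1 "\t" NR }
        # An empty password field means no password is required.
        $2 == "" { print "EMPTY_PASSWORD\t" $1 "\t" NR }
        # Two names sharing one uid are the same user to the kernel.
        $3 != "" && seen[$3]++ { print "DUPLICATE_UID\t" $1 "\t" NR }
    '
}

# Stand-alone run: audit the constructed sample.
sample_passwd | audit_passwd
```

On a live host the same function is run as `audit_passwd < /etc/passwd`; on a machine already believed compromised, read the file from trusted media or a mounted copy, since local tools may have been replaced.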
s*****d
Posts: 258
3
Thank you very much for your help. Can you also give me some suggestions on
the questions in item 2 in my original post?

[Quoting T********r's post:]
: From your description, your hosts perhaps are hacked. The
: best solution is
: to back up all your data (no executables, even source code), and
: then reinstall the systems totally. After installation,
: change all user names and passwords, including root,
: shut down all services that are not necessary...

D*******I
Posts: 29
4

I can help on this question: following is my trace result on
this IP

[Quoting s*****d's post:]
: I am quite certain that someone had broken into some of my unix machines.
: And I need your help on several questions. Thanks in advance.
: One is running AIX 4.1, it was known to be used as an open mail relay.
: I found the following problems:
: 1. There is one extra user with the user name "+" and user id "0", this should
: be a clear sign of hacking. Is that right?
: 2. There are a lot of failed logins in my /etc/security/failedlogin, with user
: name "UNKNOWN", and from some unidentified IP address. Such as

l***a
Posts: 2
5
How do you obtain the location info from the ip on the trace?

[Quoting D*******I's post:]
:
: I can help on this question: following is my trace result on
: this IP

D*******I
Posts: 29
6
It won't help a lot, but:
1. make you feel much better
2. if he continues to attack, we have the info to further locate
him
3. If he is really from that city, we have the ISP's name which
can be used to completely locate him from ISP's log file
given the time he launches the attack from that IP (in case of
a crime, and this is the CCP's trick to find out who's the
guy who posts anti-CCP stuff on bbs)
I guess he's just playing around.
s*****d
Posts: 258
7
Thank you very much! I posted it about 6 weeks ago. Also my thanks to carmel
and other friends.
I also think these guys are just playing around, not a big problem. The real
problem is that somebody is continuously using my workstation as a mail relay.
I have tried to block it by removing the "-bd" switch for my sendmail, then
it seems it will not be able to forward any email :-(. Guess I have to upgrade my
sendmail, 'coz it's really old (5.64).
Thanks again for your kind help.

[Quoting D*******I's post:]
: It won't help a lot, but:
: 1. make you feel much better
: 2. if he continues to attack, we have the info to further locate
: him
: 3. If he is really from that city, we have the ISP's name which
: can be used to completely locate him from ISP's log file
: given the time he launches the attack from that IP (in case of
: a crime, and this is the CCP's trick to find out who's the
: guy who posts anti-CCP stuff on bbs)
: I guess he's just playing around.

D*******I
Posts: 29
8
Some useful sites:
I. Hack Thyself
1. grc.com // auto scan and will issue a report to you for
any holes
2. hackerwhacker.com
3. dslreports.com
II. Protection
1. zonelabs.com // auto plugs the holes free for home use

[Quoting s*****d's post:]
: Thank you very much! I posted it about 6 weeks ago. Also my thanks to carmel
: and other friends.
: I also think these guys are just playing around, not a big problem. The real
: problem is that somebody is continuously using my workstation as a mail relay.
: I have tried to block it by removing the "-bd" switch for my sendmail, then
: it seems it will not be able to forward any email :-(. Guess I have to upgrade my
: sendmail, 'coz it's really old (5.64).
: Thanks again for your kind help.

a***s
Posts: 2
9

Excuse me...can you tell me where to get the location of IP??
Anywhere can get it..???Please mail me..Thanx...^^

[Quoting D*******I's post:]
: Some useful sites:
: I. Hack Thyself
: 1. grc.com // auto scan and will issue a report to you for
: any holes
: 2. hackerwhacker.com
: 3. dslreports.com
: II. Protection
: 1. zonelabs.com // auto plugs the holes free for home use
