in reply to Re: ACKKKKKKKKK! I Have been cracked! in thread ACKKKKKKKKK! I Have been cracked!
As an aside that is hopefully not too OT, one of the boxes here was cracked once.
It was all because of a simple (human) error. POP3/FTP passwords
are sent plaintext, and so the system was configured to
have different passwords for POP3/FTP from the system
accounts. Unfortunately, due to laziness, I suppose, one of
the admins set their password to be the same for both and later
logged in from home to check their mail.
A few days later, our box was cracked with an off-the-shelf
"root kit". Even though we were using SSH, they were able
to "sniff" the POP3 password over their cable modem and
then log in using SSH, use SUDO, and have their way with
our system.
Thankfully the 'haX0r' only ran some sort of IRC bot or
relay program and didn't do any real damage.
Always make sure that your POP3 and FTP passwords are not
the same as your SSH login! Especially for users with
'sudo' access!
|