kaboom
Guest
Dear all,
After the proftp exploit about 30 servers were hacked and 3 times our network went down for about 2 hours (+1000M). We had to reinstall 3 servers with 8 rootkits on them, and the other 27 servers all had /authback in /tmp with root rights! After the warning email of Parallels our network went down in less than half an hour. All these servers had no secure IP on FTP (e.g. iptables or firewall) because these are customer servers with changing local Internet IP addresses.
The /tmp/Authback installer places a rnd file in /etc, and authorized_keys are changed in .ssh.
This is the most serious hack for us in 10 years. Now everything looks secure again, but this joke took a few days of work. Are there any other people with these same problems? Please let me know.
Thanks in advance,
Greetings Kaboom
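
A triage sketch for the three indicators named in the post above (an authback file in /tmp, a new file in /etc, changed authorized_keys). This is an added example, not part of the original post; the function name `triage`, its ROOT and DAYS arguments, the output tags and the 7-day default window are assumptions.

```shell
#!/bin/sh
# Added example: look for the indicators described in the post.
# ROOT lets the check run against a mounted disk image instead of the
# live system; DAYS is the look-back window. Both are assumptions.
# Modification times can be reset by an intruder, so an empty result
# does not prove a host is clean.

triage() {
    root=${1:-/}
    days=${2:-7}
    root=${root%/}    # "/" becomes "", so paths below resolve to /tmp, /etc, ...

    # 1. Anything named authback (any case) directly in /tmp.
    #    ls -ldn shows mode and numeric owner, so a uid 0 owner stands out.
    find "$root/tmp" -maxdepth 1 -iname 'authback*' \
        -exec ls -ldn {} \; 2>/dev/null | sed 's/^/AUTHBACK /'

    # 2. authorized_keys files modified inside the window, for root
    #    and for accounts under /home.
    find "$root/root" "$root/home" -maxdepth 3 -type f \
        -path '*/.ssh/authorized_keys*' -mtime "-$days" 2>/dev/null |
        sed 's/^/KEYS_CHANGED /'

    # 3. Regular files directly in /etc modified inside the window.
    #    Expect legitimate hits after package updates; review each one.
    find "$root/etc" -maxdepth 1 -type f -mtime "-$days" 2>/dev/null |
        sed 's/^/ETC_RECENT /'
}

# Example use on the live system with a 14-day window:
#   triage / 14
```

Each KEYS_CHANGED file still has to be read by hand to tell an unfamiliar public key from a legitimate change.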