Rooted !! And a fun ? Linux Saturday

Postby dishawjp » Tue Feb 10, 2004 7:13 pm

:oops:

Well, my wonderful server got rooted :(

It was a beautiful P120 w/16MB of RAM, a 500 MB hda and a 10 GB hdb for /home, running RH 6.1 and... now it looks like I may have to upgrade my hardware.

She dropped off the net late last week and I picked her up on Saturday. A friend of mine is a sysadmin for a local company and she lets me use a bit of her bandwidth as long as I keep it outside the company's firewall. Anyway, it was constantly sending e-mail to secure.com with a subject of bang-bang.

Saturday afternoon, I spent some time trying to fix it, after doing a bit of a post-mortem, while sipping on a 12 pack of brews with a buddy of mine. I first had to install a CD drive in it... yeah, it didn't even have a CD drive but I had an old 8x kicking around, so no biggie. Then I tried to install FC1, but it wouldn't boot the CD. So I made a bootdsk.img floppy, booted her off that and was doing fairly well until FC1 decided to refuse to install because of insufficient RAM. Hell, it had 16 MB! By that time, the 12 pack was gone and we made a run to pick up a case of cold ones. Thirsty work that was. We got back and I gave RH9 a go, but the results were about the same as with FC1. Also the darn thing would NOT boot with a RH9 CD. So, for giggles we booted her with Knoppix. No problem! So we decided to do a hard drive Knoppix install. Well, that went just fine... until the 500 MB hda ran out of space and the install aborted. And I couldn't find the partitioning utility.

Soooo I had an OpenBSD 3.4 CD (hey, it came with a Linux magazine) and figured "what the heck... let's play with BSD." About that time the case of beer was gone and I had to send the wife (my buddy and I were in no shape to drive by then) to get us some more beer. We really needed that :)

It wouldn't boot the BSD CD and I couldn't figure out how to make a BSD boot disk, but I popped it into another computer I have (my RH 6.2 oldie but goodie) and it booted there. But after messing with that for a bit, we decided to call it a night. I will be trying the BSD on a machine I don't care about soon though. It looks a bit different, but also like it could be fun.

And as to my server... well, I'll be looking for some "modern" iron. Maybe a P233 w/64 MB of RAM or something :lol:

Jim Dishaw

Postby Void Main » Tue Feb 10, 2004 7:25 pm

Heh heh, at least you accomplished something (you got pickled). I just ordered a new machine for around $120. The processor is supposed to be capable of 1.4GHz but the motherboard is the limiting factor so it's only running 800MHz (the MB/CPU combo is only $10 after rebate). It comes in a mini tower with a 300w PS and 256MB of RAM (The 250MB stick of RAM cost more than the rest of the system). I didn't order a hard drive as I just plan on moving the two over to the new machine that are in this machine.

Postby dishawjp » Tue Feb 10, 2004 8:04 pm

Hi Void,

Yeah, we had a good time and the good part was that the hdb, which had all the important files on it, is just fine. It's actually not just my server, my buddy and I share it and I've given some of my students accounts on it. I keep some work files on it and my buddy keeps some of his files there. It's just easier for me to access my stuff from there than to have to ftp them from the server the College provides me with. It's more of a toy than anything else.

I followed your thread on what's going on with this machine. I suppose I could put a few bucks into IP4 (the server's name) but it's no mission critical box and I'll put something together by next weekend. I do suppose that I'll have to shut down telnet though and do everything through ssh. My guess is that he either got in through my ftp or telnet port.

Considering that I took no precautions and had insecure services like that running I'm not at all surprised that I did get rooted. My uptime was over 300 days when it got rooted and it was running unupdated RH 6.1 with ftpd and telnetd running. And it's been on the 'net with no firewall (other than ipchains) for about a year and a half. Try that with a Windows box :)

BTW, you and Calum were talking about how your machines were cobbed together. String and packing tape??? Don't you guys know about duct tape? Duct tape and pieces of cardboard were what held IP4 together :) I should have taken a picture. Had to be the ugliest functional computer in the world.

Jim Dishaw

Postby Void Main » Tue Feb 10, 2004 8:48 pm

You didn't happen to find a root kit in the /usr/include/sdk256 directory did you? What's with these machines getting rooted lately? Don't know if you saw the thread where another one of our beloved members was rooted (also running an older version of Red Hat). As long as they leave me alone. :)

Postby dishawjp » Tue Feb 10, 2004 9:42 pm

> You didn't happen to find a root kit in the /usr/include/sdk256 directory did you?

No, but we were more interested in finding out what he was doing than how he did it. I still have the hard drive (hda) and may get around to poking through it some more, but when we got done with it, poor old IP4 was a bit of a mess. How would I identify a root kit there if I were to give it another go? We did look for recently modified files and stuff like that, but to no avail. But the truth of the matter is that we were both fully prepared to abandon the old install and upgrade the OS and get hammered while at it. And the final truth is that we accomplished only one of those two missions... we did get hammered :)

Jim Dishaw

Postby Tux » Wed Feb 11, 2004 4:10 am

Postby Linux Frank » Wed Feb 11, 2004 10:21 pm

> Had to be the ugliest functional computer in the world.

I'll have to try and get the pic of this system scanned in, not so much ugly as 'out of the box'.

The problems have been well documented elsewhere, but it is currently hanging on by the skin of its teeth. Things were so bad (and I refuse to spend lots of money on computers), that I used to run my scanner on it and the regulator blew so I used a $1000 Power supply I had sitting around, to replace a $60 regulator.

I'm kind of glad because I tried Linux and overnight that wonderful OS stopped the bleeding.

