Koozali.org: home of the SME Server
SERVER ATTACKED
Chaloner Hale
SERVER ATTACKED « on: December 30, 2001, 06:06:02 PM »
Well, my server surprised me today with a new user that called himself testkid "Test Kid". Someone broke in and added himself as a user. He never put in a password.
Chaloner Hale
Dan G.
Re: SERVER ATTACKED « Reply #1 on: December 30, 2001, 06:45:11 PM »
How about some detail?
Do you have Public access enabled? PPTP? What open services do you advertise to the 'outside world?' Is your server physically secure? Are you on a LAN where an "insider" could have done it? If you are certain that it was a break-in thru a secure configuration (i.e., there is something fundamentally exploitable in an SME config that no one is yet aware of), you would be wise to notify the SME support team with specifics before posting here.
Justin
Re: SERVER ATTACKED « Reply #2 on: December 31, 2001, 05:49:27 PM »
What other software have you installed on the server?
Chaloner Hale
Re: SERVER ATTACKED « Reply #3 on: December 31, 2001, 06:20:28 PM »
This server is for testing/learning. I have Zope, Interchange, the mp3 blade, andromeda, seti@home (just installed), Hylafax (not really working), phpNuke, webcal, and an e-commerce test site.
Chaloner Hale
Justin
Re: SERVER ATTACKED « Reply #4 on: December 31, 2001, 06:46:08 PM »
Do you have nuke patched?
It is a wide open security problem right now - nothing to do with e-smith.
That would be the first place I would look - I have seen 6-8 attacks on my server already in the past few weeks specifically attacking nuke.
Justin.
Zaphod
Re: SERVER ATTACKED « Reply #5 on: January 02, 2002, 04:46:55 AM »
phpnuke is well known in the security world as the equivalent of hanging a sign on your server that says "Hey! Come get me!"
Seriously, there have been a *lot* of advisories on bugtraq and some of the other security mailing lists over the past year. I wouldn't be surprised at all if this is how someone got in. I believe Mitel even posted a warning on the front e-smith.org page about PHPnuke...
Rich Lafferty
Re: SERVER ATTACKED « Reply #6 on: January 03, 2002, 01:29:14 AM »
Chaloner,
Apologies for the delay in responding to this; we've been closed over the Christmas holiday, and have thus been less attentive to the boards. I'll be sending you email with steps to take to help us analyze the break-in.
We do prefer that security problems be reported first to security@e-smith.com; in this case, that would have ensured immediate attention, and it also ensures that one is not inadvertently releasing information that invites others to break into other SME Servers (or, for that matter, into your own!).
Thanks,
Rich Lafferty
Network Server Solutions Group
Mitel Networks
Chaloner Hale
Re: SERVER ATTACKED « Reply #7 on: January 03, 2002, 02:23:35 AM »
Sorry, but my server was rebooted shortly after. Usually I never turn it off as it runs SO WELL... Thanks anyway. There is nothing I am worried about losing on it anyway. If the problem happens again, I will follow your instructions.
Thanks,
Chaloner Hale
Garret
Re: SERVER ATTACKED « Reply #8 on: January 05, 2002, 02:53:19 AM »
http://myphpnuke.com . . . a secure alternative to php-nuke