Koozali.org: home of the SME Server

Security question

makamum

Security question
« on: August 05, 2004, 01:47:14 PM »
I was running an E-Smith 6.0 server as a dial-up gateway and private server. It appears someone found a way in the back door the other day and had the system hosed up good. I've wiped the disk and reinstalled the latest version. Is there anything else I can do to keep this from happening again? From what I've read I thought I was secure?

raem

Security question
« Reply #1 on: August 05, 2004, 02:52:24 PM »
It depends what you turned on (some services are not secure), and what other RPMs etc. you install. They may well have vulnerabilities.

What services were running?
What other contribs & add-ons were installed?

This information would be good to analyse where your vulnerability was, and then the rest of us can take heed.
...

makamum

Security question
« Reply #2 on: August 05, 2004, 03:51:46 PM »
I had to get it going ASAP so I didn't save any of the log files, but it was a plain vanilla install of 6.0 (the last Mitel version) as a private server/gateway. I didn't install any mods to the server, hoping the base server install would provide all the tools I needed (secure dial-up gateway). The way I noticed it failed is the dial-up connection just went down. Upon investigating the log files it appeared that someone had been logging in remotely. That's when I knew something was up. At that point it came out and was rebuilt. Hasty decision. In looking back I should have saved some of the info. I wasn't using any remote access services and I know FTP was turned off. That's about all I remember.
It was a great server. Running on a UPS, it had been up for just about a year providing internet access for three users 5 days a week, limited access after hours and none on the weekend.

raem

Security question
« Reply #3 on: August 05, 2004, 05:02:51 PM »
makamum

> .......it had been up for just about a year

That's suggestive that it was an older version, e.g. v5.6, which probably had some security flaws, especially if you had not applied the security patches that were released. No surprise that it may have gotten hacked.
...