List Archive: gentoo-security
To: gentoo-security <gentoo-security@g.o>
From: Tom Hosiawa <tomek32@...>
Subject: my security faqs?
Date: Mon, 02 Feb 2004 23:47:43 +0000
The previous message about his apache machine being hacked brings up a
question I have. How does one tell they've been hacked from just looking
at the logs?

I know it depends on what service is running, but how do you know what
to look for? Do you routinely scan logs? Is there some program that
automatically scans logs for obvious things?

Which brings me to another question. I've been getting some returned
mails, that I know I didn't send, saying undeliverable mail to such and
such (mostly from aol, hotmail, etc). This one particular returned email
I got on my university account worries me a little more, because it got
returned from another university mail server, saying the possibility the
message contained a virus. How do I make sure this isn't coming from one
of my home computers?

It should be noted that my home network consists of my server (gentoo),
laptop (gentoo 99%, winxp the other time), and a desktop that runs
WinXP. My home network is behind a router, with only ssh port forwarded
to the server. I used to use djbdns, until a ping to my domain once
returned a 192 address, so I shut it down (will move to bind in the
future). I only check email on gentoo laptop, so I'm thinking it's more
likely than not that my email address is being spoofed.


gentoo-security@g.o mailing list


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
