Haha, I got Hacked
Posted: Fri Jun 02, 2006 5:03 pm
by Ambush Commander
Haha, I got Hacked. Fortunately, it was done by a friend of mine, so a month later they notified me about their exploits. The problem? A password written on a post-it note.
However, this does pose some very important problems. Because my manager is nowhere near tech savvy enough to remember these sorts of things, I was forced to write down the password myself onto the post-it, thinking that no one else would be tech-savvy enough to interpret what it meant.
This, as you can understandably see, causes some troubles. Any recommendations?
Posted: Fri Jun 02, 2006 5:09 pm
by Christopher
Use disappearing ink?
Posted: Fri Jun 02, 2006 5:15 pm
by Ambush Commander
Doesn't seem very viable. Someone's bound to throw out a blank piece of paper.
Maybe I should force him to remember it? I even gave detailed instructions on how to log onto the server. >.>
Also, I'm not relishing the fact that now I have to check everything on the server to make sure he didn't add anything else that he didn't tell me about (he's not exactly a White Hat and has no qualms about penetration testing).
Posted: Fri Jun 02, 2006 5:16 pm
by feyd
frontal lobotomy of manager. He won't miss much.
Posted: Fri Jun 02, 2006 5:20 pm
by Ambush Commander
Well, I suppose he won't notice if I quietly phase out FTP and SSH access on his account. (I bet he doesn't even know what SSH is >.>)
I'm guessing you don't check your access logs very often, because I uploaded that ftp file about a month ago *evil grin* =] when I noticed the password on his monitor.
What does he mean by access logs? Is there really some FTP transfer log I can access on the server?
Posted: Fri Jun 02, 2006 5:22 pm
by Christopher
Seriously, the only way to maintain security with people like that is to force them to call you when they forget. The upside is that you can expire and regenerate new passwords whenever and they won't notice.
Posted: Fri Jun 02, 2006 5:26 pm
by Ambush Commander
Seriously, the only way to maintain security with people like that is to force them to call you when they forget.
Sounds good. Still would like to know about ftp logs though...
Posted: Fri Jun 02, 2006 5:32 pm
by Christopher
grep -i ftp /var/log/messages
Posted: Fri Jun 02, 2006 5:39 pm
by Ambush Commander
Query's been running for a few minutes now... no results. I also tried `find` for FTP in the filename, but no such luck.
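Added example, not part of the thread: many FTP daemons (wu-ftpd, ProFTPD, vsftpd) can write a transfer log in the xferlog format, separate from syslog. The sketch below lists the uploads recorded in such a log; where the log lives on a given host, the `list_uploads` and `sample_xferlog` names, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list uploads recorded in an xferlog-format FTP transfer log.
# Assumption: the FTP daemon writes standard xferlog lines, whose fields are
#   1-5 timestamp, 6 transfer time, 7 remote host, 8 bytes, 9 filename,
#   10 type, 11 action flag, 12 direction (i = incoming, o = outgoing),
#   13 access mode, 14 username, 15 service, 16-17 auth, 18 completion status.

# list_uploads [USER] < logfile
# Prints "date | user | remote host | bytes | path" for each incoming transfer,
# optionally restricted to one account.
list_uploads() {
    awk -v want="${1:-}" '
        NF >= 18 && $12 == "i" && (want == "" || $14 == want) {
            printf "%s %s %s %s | %s | %s | %s | %s\n",
                   $2, $3, $5, $4, $14, $7, $8, $9
        }'
}

# Constructed sample log: documentation-range addresses, made-up paths.
sample_xferlog() {
    cat <<'EOF'
Tue May 02 14:11:09 2006 1 198.51.100.23 4821 /home/site/public_html/index.php b _ i r manager ftp 0 * c
Tue May 02 14:12:40 2006 2 198.51.100.23 91022 /home/site/public_html/logo.png b _ o r manager ftp 0 * c
Wed May 03 23:47:55 2006 1 203.0.113.77 312 /home/site/public_html/hello.txt a _ i r manager ftp 0 * c
EOF
}

# Demo on the constructed sample; on a real host, redirect the actual log in:
#   list_uploads manager < /path/to/xferlog
sample_xferlog | list_uploads manager
```

Uploads from a remote host that the account owner does not normally use are the lines worth following up.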
Posted: Fri Jun 02, 2006 9:34 pm
by timvw
If I hacked your server, I'd unset $HISTORY :p (and remove all the parts in the logfiles where I'm tracked...)
If your system has been penetrated, take it offline, find out which data has not been modified (otherwise you'll have to dig through backups to find the most recent version).. and reinstall.
I prefer to use private/public keys in order to log on remotely... This way I don't have to remember the credentials on the host.. (Well, I do have to remember the passphrase of my private key)... Just generate a random, long enough root password, print it out, put it in a letter, close the letter, and place it somewhere central... This way, you'll notice if the password is gone :p
Posted: Sat Jun 03, 2006 8:42 am
by tarnus
If he's not using ssh you might move ssh to a non-standard port where most people do not know where to look for it. Also if you're the only one accessing root on the server (it sounds like that's the way it should be), as Tim mentioned, set up a public/private key for ssh.
I've had hacker problems off and on over the past 10 plus years, they are like ants, ya get rid of em once, eventually they figure a way to get back in.
Best protection from being hacked is your power button

Posted: Sat Jun 03, 2006 9:12 am
by Maugrim_The_Reaper
However, this does pose some very important problems. Because my manager is nowhere near tech savvy enough to remember these sorts of things, I was forced to write down the password myself onto the post-it, thinking that no one else would be tech-savvy enough to interpret what it meant.
Inform your manager he/she is a security risk. It's the truth after all.
I know complex passwords can be horrendously difficult to remember but the only other solution is to reduce the password strength (pretty common in large organisations) so it's more easily recalled or have a system for resetting it when forgotten or both. Writing it down physically on paper is just a no-no.
Posted: Sat Jun 03, 2006 10:25 am
by Ambush Commander
If your system has been penetrated, take it offline, find out which data has not been modified (otherwise you'll have to dig through backups to find the most recent version).. and reinstall.
Root was not compromised since the site was on a shared server. Furthermore, I doubt that he figured out that SSH login was the same as the FTP login.
I prefer to use private/public keys in order to log on remotely... This way I don't have to remember the credentials on the host..
I was slightly surprised that Dreamhost's SSH didn't have this by default: two other servers which at one time or another I had access to mandated PP logins. I'll investigate (or if anyone wants to throw me a bone. I don't have root access)
Inform your manager he/she is a security risk. It's the truth after all.
I don't think that would be the most judicious course of action. Just quietly phase out the dangerous parts, and if he notices they're gone, then I'll explain.
Posted: Sat Jun 03, 2006 2:14 pm
by nickvd
All you should have to do is create the keys on the client machine and append the public key onto ~/.ssh/authorized_keys
Can't help you generate the key for a windows box, but on Linux it's
Posted: Sat Jun 03, 2006 2:20 pm
by Ambush Commander
I got it working using Putty's `puttygen`. Slight snag due to incorrect permissions, but it's fine now.
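Added example, not part of the thread: a common cause of permission snags with key logins is OpenSSH's StrictModes check, which ignores `authorized_keys` when the home directory, `~/.ssh` or the file itself is writable by group or others. The script below audits those three paths and tightens them; the function names are hypothetical, and that this was the cause of the snag described above is an assumption.

```shell
#!/bin/sh
# Added example: audit and tighten the permissions sshd expects for key logins.

# is_loose PATH: true when PATH is group- or world-writable (mode bits 020/002).
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_ssh_perms HOME_DIR: report problems, return 1 if any were found.
audit_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
        elif is_loose "$p"; then
            echo "group/world-writable: $p"
            bad=1
        fi
    done
    return "$bad"
}

# fix_ssh_perms HOME_DIR: remove group/other write access from the home
# directory and make the key material private to its owner.
fix_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Read-only audit of the given directory (default: the current user's home).
target=${1:-${HOME:-.}}
audit_ssh_perms "$target" || echo "to repair: fix_ssh_perms $target"
```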