Hacked

It’s been a while since I’ve had a free minute to post, and I don’t have a whole lot of time today as it is. For the first time that I know of, someone was using my system as a launching point for emailing spam. I’ve noticed my network connection has been quite active recently, and I wasn’t sure just why. The hacker got in through a hole I didn’t know about – my roommate’s ssh account. I set up an account for him to use to move files to my machine for me to work on some video things for him. As it turns out, he must have used a VERY insecure password. Anyway, I changed the password to something secure, and killed all the processes. I kinda wish I had held onto the scripts, but they’re gone now.

I think I need to get a network profiler back up again…

One Comment

  • Wyatt Neal says:

    That’s the same way they got into my machine … only mine was Gentoo set up a mythtv user with the password mythtv and it had permission to SSH. I’ve been seeing more and more of these attacks which is why I’ve been relying on DenyHosts. It’s pretty straightforward for a setup and it cut down the number of hits like this to at least half (especially now that they added the “invalid accounts insta-ban”).

    Unlike you though, I kept all of the scripts, usernames, passwords, etc. that my “visitor” left. They are burned on a CD with MD5 and SHA-1 hashes in the event that the FBI ever comes to talk about him … highly doubtful, even though I provided them with his username/password and FTP sites he was taking stuff from. Damned ethics prevent me from dropping the info in some script kiddie room as well … sigh.
