800 YARGHS! but this be a post for security guys. - GoFuckYourself.com

Chio The Pirate · 03-22-2005, 05:17 PM

YARGH! 800 posts. Normally I'd post a pic, but me fuckoff server got hacked. While it wasn't a big deal, (it needed a restore anyway) what's the best way to lock it down. Apparently the guy got in through eggdrop. It was something put on the box by an old employee of mine. Any ideas, tips are appreciated.

AHOY! me sharkies!

Steve · 03-22-2005, 05:19 PM

dont know how to do it myself, but SSH access via approved IPs, and secure FTP should be good

if I knew what swiftwill does, I'd say do that - they have mega tight security

Chio The Pirate · 03-22-2005, 05:21 PM

YARGH! Thanks Steve, that's the way all my others are setup. Anything else to pay attention to? I usually set all ports to non-standards too, but any portscan would find them.

steadfast · 03-22-2005, 05:25 PM

You never check the processes on that box to see that someone was running a eggdrop?

Chio The Pirate · 03-22-2005, 05:28 PM

YARGH!

I knew it was there, but like I said it was my fuck around server so I wasn't too worried. It's been on their since 02, and this was the first time it was hacked.
Not 100% sure that was the way he got in, which is why I posted this.

Pirate Mode Re-enabled
YARGH! Where be me boner! Swab me decks! Ahoy me hearties! That's better

theonanistscorner · 03-22-2005, 05:38 PM

hey man!, how are you ? ... well, i'll try to help you even thought i really don't know the enviroment you are running ...

First of all ... i'm periodically reading security mailing lists cause i work developing exploits and i didn't notice any existing bug lately on eggdrop ... so if you are right and they hacked you that way ... well, its surely a 0day exploit, which means you won't have a patch avaliable so it may happen again! ...

but don't get crazy, you still may protect from this attacks ... or at least make them 10 times worst to exploit a vulnerability ... and here is what you can do:

I don't know which operating system you are running ... but i'll try to help you on almost all i know:

If you are running OpenBSD, the latest versions, and you got hacked with all their security features enabled ... well ... just asume you don't own any more that machine cause the one who made it really knows what he is doing ...

If you are running a linux server, try fedora 2 ... enable all their security features ... to be more specifically: Apply PaX ( This is a kernel level patch which bring you a lot of security enforsments which almost make a bug un-exploitable ... ) ... Try also grsecurity patch ... this patch is really useful if you know what you are doing ... you can prevent specific application executing specific syscalls ... for example ... if you are running an apache server, you know it won't bind to a port except the one it uses to listen the http requests ... well ... you can enforce this type of things ...

So basically ... what you can do to be almost sure you won't be hacked again if you don't know very much what you are doing: Install PaX and grsecurity patches, or enable all fedora security options ( At the moment, the most secure linux distribution ) ...

If you are running a Windows system ... i'm really don't know very much this platform but i think there is nothing like PaX on Windows, so i seggest moving to Windows 2003 which has some of this security enforsments ... i also would install some sort of IDS like snort to al least detect what are they exploiting, check out in your logs if you have any SIGSEGV reported by any application, on windows this is called ACCESS VIOLATION i think ...

Well, thats all i can think of with the information i have, i just made you some general security enforcements ... if you could give us more information, maybe i could help you more, just drop me a PM and i will help you if a can ... god bye man, and good luck with that fucking bastard :p ...
/s

Major (Tom) · 03-22-2005, 06:52 PM

chio if you want free hosting to host your sig lemme know. i love that sig, i will do all i can to see it again

Yarggh!
Duke

teksonline · 03-22-2005, 06:55 PM

hit me up on aim or icq

freebsdteks
48721721 and i can help you with box

Chio The Pirate · 03-22-2005, 08:37 PM

Quote:

Originally Posted by DukeSkywalker

chio if you want free hosting to host your sig lemme know. i love that sig, i will do all i can to see it again

Yarggh!
Duke

YARGH!
Me ugly mug'll be up soon. Server is up just having some issues with ip's. Thanks though.

03-22-2005, 05:17 PM	#1
Chio The Pirate Confirmed User Join Date: Oct 2002 Location: YARGH! On me big sailboat with the skull flags * * ICQ: 39-183769 Posts: 946	800 YARGHS! but this be a post for security guys. YARGH! 800 posts. Normally I'd post a pic, but me fuckoff server got hacked. While it wasn't a big deal, (it needed a restore anyway) what's the best way to lock it down. Apparently the guy got in through eggdrop. It was something put on the box by an old employee of mine. Any ideas, tips are appreciated. AHOY! me sharkies! __________________ Need to get a site indexed in a few days? Want thousands of targeted, quality hits to your site? Want to beta test something that will revolutionize the way companies, and individuals advertise online.? Click here to take a look at Bliggo

03-22-2005, 05:21 PM	#3
Chio The Pirate Confirmed User Join Date: Oct 2002 Location: YARGH! On me big sailboat with the skull flags * * ICQ: 39-183769 Posts: 946	YARGH! Thanks Steve, that's the way all my others are setup. Anything else to pay attention to? I usually set all ports to non-standards too, but any portscan would find them. __________________ Need to get a site indexed in a few days? Want thousands of targeted, quality hits to your site? Want to beta test something that will revolutionize the way companies, and individuals advertise online.? Click here to take a look at Bliggo

03-22-2005, 05:28 PM	#5
Chio The Pirate Confirmed User Join Date: Oct 2002 Location: YARGH! On me big sailboat with the skull flags * * ICQ: 39-183769 Posts: 946	YARGH! I knew it was there, but like I said it was my fuck around server so I wasn't too worried. It's been on their since 02, and this was the first time it was hacked. Not 100% sure that was the way he got in, which is why I posted this. Pirate Mode Re-enabled YARGH! Where be me boner! Swab me decks! Ahoy me hearties! That's better __________________ Need to get a site indexed in a few days? Want thousands of targeted, quality hits to your site? Want to beta test something that will revolutionize the way companies, and individuals advertise online.? Click here to take a look at Bliggo Last edited by Chio The Pirate; 03-22-2005 at 05:29 PM..

03-22-2005, 05:38 PM	#6
theonanistscorner Registered User Join Date: Dec 2004 Posts: 50	hey man hey man!, how are you ? ... well, i'll try to help you even thought i really don't know the enviroment you are running ... First of all ... i'm periodically reading security mailing lists cause i work developing exploits and i didn't notice any existing bug lately on eggdrop ... so if you are right and they hacked you that way ... well, its surely a 0day exploit, which means you won't have a patch avaliable so it may happen again! ... but don't get crazy, you still may protect from this attacks ... or at least make them 10 times worst to exploit a vulnerability ... and here is what you can do: I don't know which operating system you are running ... but i'll try to help you on almost all i know: If you are running OpenBSD, the latest versions, and you got hacked with all their security features enabled ... well ... just asume you don't own any more that machine cause the one who made it really knows what he is doing ... If you are running a linux server, try fedora 2 ... enable all their security features ... to be more specifically: Apply PaX ( This is a kernel level patch which bring you a lot of security enforsments which almost make a bug un-exploitable ... ) ... Try also grsecurity patch ... this patch is really useful if you know what you are doing ... you can prevent specific application executing specific syscalls ... for example ... if you are running an apache server, you know it won't bind to a port except the one it uses to listen the http requests ... well ... you can enforce this type of things ... So basically ... what you can do to be almost sure you won't be hacked again if you don't know very much what you are doing: Install PaX and grsecurity patches, or enable all fedora security options ( At the moment, the most secure linux distribution ) ... If you are running a Windows system ... i'm really don't know very much this platform but i think there is nothing like PaX on Windows, so i seggest moving to Windows 2003 which has some of this security enforsments ... i also would install some sort of IDS like snort to al least detect what are they exploiting, check out in your logs if you have any SIGSEGV reported by any application, on windows this is called ACCESS VIOLATION i think ... Well, thats all i can think of with the information i have, i just made you some general security enforcements ... if you could give us more information, maybe i could help you more, just drop me a PM and i will help you if a can ... god bye man, and good luck with that fucking bastard :p ... /s

03-22-2005, 06:52 PM	#7
Major (Tom) White Pride Industry Role: Join Date: Nov 2003 Location: Null Posts: 31,206	chio if you want free hosting to host your sig lemme know. i love that sig, i will do all i can to see it again Yarggh! Duke __________________ WHITE LIVES MATTER

03-22-2005, 05:19 PM	#2
Steve Confirmed User Join Date: Feb 2001 Location: USA Posts: 6,894	dont know how to do it myself, but SSH access via approved IPs, and secure FTP should be good if I knew what swiftwill does, I'd say do that - they have mega tight security

03-22-2005, 05:25 PM	#4
steadfast Confirmed User Join Date: Mar 2005 Posts: 2,362	You never check the processes on that box to see that someone was running a eggdrop?

03-22-2005, 06:55 PM	#8
teksonline So Fucking Banned Join Date: Jan 2005 Location: At My Desk Posts: 2,904	hit me up on aim or icq freebsdteks 48721721 and i can help you with box