800 YARGHS! but this be a post for security guys.
YARGH! 800 posts. Normally I'd post a pic, but me fuckoff server got hacked. While it wasn't a big deal (it needed a restore anyway), what's the best way to lock it down? Apparently the guy got in through eggdrop. It was something put on the box by an old employee of mine. Any ideas, tips are appreciated.
AHOY! me sharkies! |
don't know how to do it myself, but SSH access via approved IPs, and secure FTP should be good
if I knew what swiftwill does, I'd say do that - they have mega tight security |
YARGH! Thanks Steve, that's the way all my others are set up. Anything else to pay attention to? I usually set all ports to non-standards too, but any portscan would find them.
|
You never check the processes on that box to see that someone was running an eggdrop?
|
YARGH!
I knew it was there, but like I said it was my fuck around server so I wasn't too worried. It's been on there since 02, and this was the first time it was hacked. Not 100% sure that was the way he got in, which is why I posted this. Pirate Mode Re-enabled YARGH! Where be me boner! Swab me decks! Ahoy me hearties! That's better |
hey man
Hey man! How are you? ... Well, I'll try to help you even though I really don't know the environment you are running ...

First of all ... I'm periodically reading security mailing lists 'cause I work developing exploits and I didn't notice any existing bug lately in eggdrop ... so if you are right and they hacked you that way ... well, it's surely a 0day exploit, which means you won't have a patch available so it may happen again! ... But don't go crazy, you can still protect yourself from these attacks ... or at least make it 10 times worse to exploit a vulnerability ... and here is what you can do:

I don't know which operating system you are running ... but I'll try to help you with almost all I know:

If you are running OpenBSD, the latest versions, and you got hacked with all their security features enabled ... well ... just assume you don't own that machine any more, 'cause the one who did it really knows what he is doing ...

If you are running a Linux server, try Fedora 2 ... enable all its security features ... to be more specific: apply PaX (this is a kernel-level patch which brings you a lot of security enforcements which almost make a bug un-exploitable ...) ... Try also the grsecurity patch ... this patch is really useful if you know what you are doing ... you can prevent specific applications from executing specific syscalls ... for example ... if you are running an Apache server, you know it won't bind to a port except the one it uses to listen for HTTP requests ... well ... you can enforce this type of thing ...

So basically ... what you can do to be almost sure you won't be hacked again if you don't know very much what you are doing: install the PaX and grsecurity patches, or enable all Fedora security options (at the moment, the most secure Linux distribution) ...

If you are running a Windows system ... I really don't know this platform very much, but I think there is nothing like PaX on Windows, so I suggest moving to Windows 2003, which has some of these security enforcements ...

I would also install some sort of IDS like Snort to at least detect what they are exploiting; check your logs to see if you have any SIGSEGV reported by any application; on Windows this is called ACCESS VIOLATION, I think ...

Well, that's all I can think of with the information I have, I just gave you some general security enforcements ... if you could give us more information, maybe I could help you more, just drop me a PM and I will help you if I can ... goodbye man, and good luck with that fucking bastard :p ... /s |
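The log check suggested in the post above (looking for SIGSEGV reports), as an added example that is not part of the original thread: it parses the Linux x86 kernel's `segfault at ...` lines and flags processes that crash repeatedly or fault while fetching an instruction. The sample lines are constructed, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Linux x86 kernel format:
#   comm[pid]: segfault at ADDR ip IP sp SP error CODE [in object[base+size]]
SEGV = re.compile(
    r"(?P<comm>[^\s\[\]]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[)?"
)

# Constructed sample log lines (not taken from the server in the thread).
SAMPLE_LOG = """\
Jun  3 02:11:07 box kernel: [88213.104] eggdrop[2211]: segfault at 41414141 ip 0000000041414141 sp 00007ffc2a1b3f10 error 14
Jun  3 02:11:09 box kernel: [88215.311] eggdrop[2219]: segfault at 41414145 ip 0000000041414145 sp 00007ffc9d00e2a0 error 14
Jun  3 02:11:12 box kernel: [88218.870] eggdrop[2230]: segfault at 7f3a10002000 ip 00007f3a0ffd1a20 sp 00007ffd11c0a118 error 6 in libc-2.31.so[7f3a0fe5c000+178000]
Jun  3 09:40:55 box kernel: [115201.002] updatedb[3120]: segfault at 0 ip 000055d0c1a2b3c4 sp 00007ffe0a1b2c30 error 4 in updatedb[55d0c1a20000+1c000]
Jun  3 09:41:00 box sshd[3150]: Accepted publickey for chio from 192.0.2.10 port 50112 ssh2
"""

def parse(log_text):
    """Return one dict per kernel segfault line; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = SEGV.search(line)
        if not m:
            continue
        err = int(m["err"], 16)  # page-fault error code is printed in hex
        events.append({
            "comm": m["comm"], "pid": int(m["pid"]),
            "addr": int(m["addr"], 16), "ip": int(m["ip"], 16),
            "exec_fault": bool(err & 0x10),  # bit 4: fault on instruction fetch
            "obj": m["obj"],                 # None when ip is in no mapped file
        })
    return events

def triage(events, repeat_threshold=3):
    """Map process name -> reasons its crashes deserve a closer look."""
    by_comm = defaultdict(list)
    for e in events:
        by_comm[e["comm"]].append(e)
    report = {}
    for comm, evs in by_comm.items():
        reasons = []
        if len(evs) >= repeat_threshold:
            reasons.append(f"{len(evs)} crashes")
        if any(e["exec_fault"] and e["ip"] == e["addr"] for e in evs):
            reasons.append("instruction fetch from a bad address")
        if reasons:
            report[comm] = reasons
    return report
```

A single null-pointer crash in a local tool (the `updatedb` line) is not reported; a network-facing daemon that keeps crashing with the instruction pointer equal to the fault address is.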
chio if you want free hosting to host your sig lemme know. i love that sig, i will do all i can to see it again :)
Yarggh! Duke |
hit me up on aim or icq
freebsdteks 48721721 and i can help you with box |
Quote:
Me ugly mug'll be up soon. Server is up just having some issues with ip's. Thanks though. |