#11  
Old 16th October 2007, 22:24
albertux albertux is offline
Member
 
Join Date: Sep 2006
Location: Chile
Posts: 90
Thanks: 7
Thanked 0 Times in 0 Posts

Really, I don't know; it is the first time that something so big and burdensome has happened. Other times I had problems with the Mambo server because of security bugs, but never of a kind that put the whole system in danger, and I still believe that it was through ISPConfig, because the rest of my GNU/Linux Debian Etch is completely updated and similar errors have not been reported in the community...
Especially, I believe in and vouch for the ISPConfig server because, apart from this event, it had never had any other problem before; therefore I will continue using it ... although it really is quite a coincidence.

Greetings


P.S. Fedora Core gives me more insecurity than any other package

Last edited by albertux; 16th October 2007 at 22:28.
  #12  
Old 16th October 2007, 22:31
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,419
Thanks: 834
Thanked 5,499 Times in 4,328 Posts

It might be a bug in ISPConfig, but I really doubt that it was a hack. Teveo1 said that he changed a thing himself and was not able to log in afterwards. So if he doesn't call himself a hacker, then it's most likely not caused by a hack. It is much more likely that e.g. the /etc/passwd file was corrupted or something similar. But as he was not able to provide any additional information nor ask for help, we cannot find the cause of the problem.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #13  
Old 16th October 2007, 22:32
teveo1 teveo1 is offline
Junior Member
 
Join Date: Mar 2007
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts

I am not claiming, I am asking.. there is a difference

I have used the system for 2 yrs with no big problems; however, I did get the same problem just 2-3 days after "albertux", and that is at a minimum strange.

I am checking the password files now.. it may be these, but the only service being used on this box was ISPConfig, and by changing one user's password (through ISPConfig) and at the same time setting up a catchall for him.. this incident occurred..

my /etc/passwd has rw r r attributes
my /etc/shadow only has r for root... what should it have? Same attributes as /etc/passwd??
  #14  
Old 16th October 2007, 22:36
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,419
Thanks: 834
Thanked 5,499 Times in 4,328 Posts

The attributes are fine, the question is more the content. Run the following commands to check the syntax:

pwck
grpck

and check if the root account looks fine.

To check if your system has been hacked, install and run "rkhunter".

Also have a look at /home/admispconfig/ispconfig/ispconfig.log to see if it contains any errors and which actions were recorded there when the problem occurred.

The ISPConfig interface is not run with root privileges, so a hack through the interface will not easily allow running anything with root permissions. And everything that is run through the daemon part is recorded in the logfile.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 16th October 2007 at 22:41.
  #15  
Old 16th October 2007, 22:44
teveo1 teveo1 is offline
Junior Member
 
Join Date: Mar 2007
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts

Thanks. I am trying the commands.. no success, pwck only reports
"user pcap: directory /var/arpwatch does not exist" ..

Correction:

running it on /etc/passwd reports all users like this..

user web14_max: directory 7 does not exist
user root: directory 7 does not exist

Last edited by teveo1; 16th October 2007 at 22:47.
  #16  
Old 16th October 2007, 22:47
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,419
Thanks: 834
Thanked 5,499 Times in 4,328 Posts

Quote:
Originally Posted by teveo1
Thanks. I am trying the commands.. no success, pwck only reports
"user pcap: directory /var/arpwatch does not exist" ..

That's uncritical. And the server you run this on is still the same one with ISPConfig installed that denied you the login? What is recorded in your auth.log or syslog when you tried to log in?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #17  
Old 16th October 2007, 22:50
albertux albertux is offline
Member
 
Join Date: Sep 2006
Location: Chile
Posts: 90
Thanks: 7
Thanked 0 Times in 0 Posts

Yep, the problem is that the files:

passwd
shadow
group
gshadow

were corrupted, nothing else. What I did was boot the machine in single mode and paste the backup copies of the files into the etc directory ... and the "i have no name" problem was solved when I set the necessary permissions on them ... nothing else. You are right that it can be a worm or something, but how can I find it, or how can I review more meticulously, since nothing appears in the logs...

You know, it could have been a fault of openssl 0.9.7, which has shown security problems, but the strange thing is that I have had everything updated since the beginning of the operation of ISPConfig.

Now it can be a tiny bug or worm, because it does not let me update the version from the panel on port 81 of the ISPConfig server; I can only do it from the console, untarring the file and installing again...

Any ideas????
  #18  
Old 16th October 2007, 22:56
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,419
Thanks: 834
Thanked 5,499 Times in 4,328 Posts

Do you still have the corrupted files, or can you tell me any details about the corruption?

ISPConfig can never be updated from the control panel, because the control panel does not run as root user. To update ISPConfig, you must log in as root user on the shell, unpack the installer files and run the setup script.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #19  
Old 16th October 2007, 23:01
teveo1 teveo1 is offline
Junior Member
 
Join Date: Mar 2007
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts

From what I see.. everyone now is group 7.. e.g.
... :7:::: at the end in the shadow file for all my users

I did not find much relief on Google either...

Your conclusion is right, I guess; there is a problem with some of these files.. I don't have any backup of the old shadow/passwd, so I have to fix what I have.
The files are all fine and readable.. the box is at my desk (a noisy bastard!! ) but it does not start many services due to it not finding users. I ran it in rescue mode earlier and transferred all my important data (webs, databases etc.)

The FC5 -> FC6 went fine but of course the main problem was not solved.

I will check the logs now..

Last edited by teveo1; 16th October 2007 at 23:05.
Reply With Quote
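
Added example (not part of any post in this thread, and not ISPConfig or shadow-utils code): a small checker for the passwd(5) and shadow(5) record layouts that posts #15 and #19 are looking at. In the shadow layout the sixth field is the password-expiry warning period in days, while the sixth field of the passwd layout is the home directory; all records below are constructed samples and the function names are illustrative.

```python
# Field names from passwd(5) and shadow(5); sample records below are constructed.
PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "lastchg", "min", "max", "warn",
                 "inactive", "expire", "reserved")

def parse(line, layout):
    """Split one record and label each field according to the given layout."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(layout):
        raise ValueError(f"expected {len(layout)} fields, got {len(parts)}")
    return dict(zip(layout, parts))

def check_passwd_line(line):
    """Return a list of findings for one /etc/passwd record."""
    try:
        rec = parse(line, PASSWD_FIELDS)
    except ValueError as exc:
        # Nine fields is the shadow layout: wrong file, or contents swapped.
        hint = " (looks like a shadow record)" if line.count(":") == 8 else ""
        return [f"{exc}{hint}"]
    findings = []
    if not (rec["uid"].isdigit() and rec["gid"].isdigit()):
        findings.append(f"user {rec['name']}: non-numeric uid/gid")
    elif (rec["name"] == "root") != (rec["uid"] == "0"):
        # root without uid 0, or a second account that has uid 0
        findings.append(f"user {rec['name']}: unexpected uid {rec['uid']}")
    if not rec["home"].startswith("/"):
        findings.append(f"user {rec['name']}: home {rec['home']!r} is not a path")
    return findings

def home_if_read_as_passwd(shadow_line):
    """What a passwd-layout reader takes as 'home' when given a shadow record."""
    return shadow_line.rstrip("\n").split(":")[5]

# Constructed sample records (not taken from the machines in this thread).
GOOD_PASSWD = "web14_max:x:10014:10014:Max:/var/www/web14/user/web14_max:/bin/false"
GOOD_SHADOW = "web14_max:$1$constructed$hash:13800:0:99999:7:::"
BAD_PASSWD = "root:x:0:0:root:7:/bin/bash"

if __name__ == "__main__":
    for rec in (GOOD_PASSWD, GOOD_SHADOW, BAD_PASSWD):
        print(rec.split(":")[0], check_passwd_line(rec) or "ok")
    print("shadow warn field:", parse(GOOD_SHADOW, SHADOW_FIELDS)["warn"])
    print("home seen by a passwd reader:", home_if_read_as_passwd(GOOD_SHADOW))
```

Run against copies of the files rather than the live ones; pwck and grpck remain the authoritative checks.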
  #20  
Old 16th October 2007, 23:03
albertux albertux is offline
Member
 
Join Date: Sep 2006
Location: Chile
Posts: 90
Thanks: 7
Thanked 0 Times in 0 Posts

Ahhh ok, thanks ... you know, I analyzed my version of openssl, and it is 0.9.8c, which does not have security holes, but it could be, from what I have read, that it modified my files before I updated openssl and on the 16th everything activated ...


Greetings and thank you for your aid
All times are GMT +2.