Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Kernel Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 11th October 2008, 01:47
bnovak bnovak is offline
Junior Member
 
Join Date: Oct 2007
Location: Arizona, USA
Posts: 18
Thanks: 3
Thanked 0 Times in 0 Posts
Default single user mode to change password, reboot login incorrect

needed to boot fedora server in single user mode to recover forgotten/changed password. changed password with passwd command and rebooted. however, on reboot, the new password was not recognized "Login incorrect".

I suspect the server has been hacked! Any other suggestions why the changed password would not be recognized? Any help would be appreciated!
Reply With Quote
Sponsored Links
  #2  
Old 11th October 2008, 19:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,727 Times in 2,565 Posts
Default

Are you trying to log in on the console or via SSH? If via SSH, are root logins allowed?

Did you scan your server for malware with chkrootkit and/or rkhunter?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 12th October 2008, 03:40
bnovak bnovak is offline
Junior Member
 
Join Date: Oct 2007
Location: Arizona, USA
Posts: 18
Thanks: 3
Thanked 0 Times in 0 Posts
Default

I attempted both methods to regain control of the server. I've had rkhunter installed with daily reports sent via email and did not notice any suspicious activity. Not being as proficient in linux as I apparently need to be, I re-installed the Fedora 9 Perfect Server to resolve the issue. I need some advice on tools and utilities available to better secure this ispconfig server from future attacks. I found fail2ban and denyhosts but have a steep learning curve to get things configured properly.

Maybe when you have some extra time, you can make a howto on securing a Fedora 9 server properly? Your howto on other subjects are outstanding!!!
Reply With Quote
  #4  
Old 12th October 2008, 17:31
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,727 Times in 2,565 Posts
Default

There's a fail2ban tutorial for Fedora 9: http://www.howtoforge.com/preventing...ban-on-fedora9
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 13th October 2008, 04:01
bnovak bnovak is offline
Junior Member
 
Join Date: Oct 2007
Location: Arizona, USA
Posts: 18
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Got ISPCONFIG back up and running after complete rebuild. However, now the BIND-server is offline in ISPCONFIG and I don't know how to get it going again.
Reply With Quote
  #6  
Old 13th October 2008, 12:53
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,727 Times in 2,565 Posts
Default

What's the output of
Code:
netstat -tap
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 13th October 2008, 16:13
bnovak bnovak is offline
Junior Member
 
Join Date: Oct 2007
Location: Arizona, USA
Posts: 18
Thanks: 3
Thanked 0 Times in 0 Posts
Default

[root@server1 ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 1833/mysqld
tcp 0 0 *:81 *:* LISTEN 2156/ispconfig_http
tcp 0 0 *:ssh *:* LISTEN 1739/sshd
tcp 0 0 *:smtp *:* LISTEN 6001/master
tcp 0 300 server1.bancroftandasso:ssh ip68-231-146-117:screencast ESTABLISHED 16070/sshd: bnovak
tcp 0 0 *:imaps *:* LISTEN 1855/dovecot
tcp 0 0 *op3s *:* LISTEN 1855/dovecot
tcp 0 0 *op3 *:* LISTEN 1855/dovecot
tcp 0 0 *:imap *:* LISTEN 1855/dovecot
tcp 0 0 *:http *:* LISTEN 2195/httpd
tcp 0 0 *:ftp *:* LISTEN 5916/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 1739/sshd
tcp 0 0 *:smtp *:* LISTEN 6001/master
tcp 0 0 *:https *:* LISTEN 2195/httpd
[root@server1 ~]#
Reply With Quote
  #8  
Old 13th October 2008, 16:23
bnovak bnovak is offline
Junior Member
 
Join Date: Oct 2007
Location: Arizona, USA
Posts: 18
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Falko,

SInce my last message, I have built a completely new installation of a Fedora 9 server with ISPConfig. I have restored all of the ISPConfig database values from a backup from PHPAdmin. All of the services are operating properly, however, I am unable to access email. We previously used https://www.ebancroft.biz:81/webmail/ to access mail service, yet I recieve "You cannot login with the username and password entered.
Please check your username and password and try again." I have returned to IPSConfig to re-enter the passwords, but same result.
Reply With Quote
  #9  
Old 14th October 2008, 19:42
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,727 Times in 2,565 Posts
Default

Are you using the correct usernames? For webmail, you must use email addresses as usernames.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 14th October 2008, 20:21
bnovak bnovak is offline
Junior Member
 
Join Date: Oct 2007
Location: Arizona, USA
Posts: 18
Thanks: 3
Thanked 0 Times in 0 Posts
 
Default

Yes!

I think I have bigger issues than that at this point. Some emails work, other don't and now I have FTP issues. I think i'm just going to re-install from the ground up with Fedora 9 Perfect Server and ISPConfig and re-enter ALL users.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Webmail problems with only one domain? compner Installation/Configuration 14 16th February 2010 16:59
dovecot problem sojic Server Operation 21 23rd March 2008 18:22
High Availability Samba cluster - DRBD + Heartbeat djalex Server Operation 58 25th May 2007 19:38
Unable to authenticate to SMTP server ashkev Installation/Configuration 15 6th February 2007 17:46
unable to login root in GUI Mode in Suse10 saialkesh HOWTO-Related Questions 12 2nd May 2006 09:57


All times are GMT +2. The time now is 01:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.