
I was hacked :(

More specifically, my primary server at home was hacked. It was running Ubuntu 6.06.1, Dapper Drake Server Edition LTS. The server was penetrated at 17:55 on June 29th, 2008:

Jun 29 17:55:54 vault sshd[17954]: Accepted password for webcam from 62.103.28.65 port 16754 ssh2

So what happened? Well, apparently a recent OpenSSH update reset my /etc/ssh/sshd_config so my server accepted password authentication. Because the only way into my home network is via VPN (OpenSwan) and SSH, both of which use certificates and public key authentication, I was not too concerned about using strong passwords for accounts inside the network. Unfortunately for me, when sshd decided to accept password authentication attempts I was promptly hacked.

I’ve rebuilt my server using Ubuntu 8.04.1, Hardy Heron Server Edition LTS. I promptly installed OSSEC-HIDS to help prevent something like this from happening again. 

Anyway, if you haven’t heard from me in the past few days or if I’ve sounded terse, it is because I’ve been a little annoyed at the punk who decided to hack me.
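An added example, not part of the original post: a small shell audit for the failure described above, an sshd_config that silently allows password authentication again, plus a scan of the auth log for "Accepted password" entries like the one quoted. The function names, file names and sample data are assumptions made for illustration; only the second log line comes from the post.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, except the log line
# quoted from the post.

# Print the effective global PasswordAuthentication value of an sshd_config.
# sshd keeps the first value it reads for a keyword and defaults to "yes".
# Assumption: no Include directives; Match blocks are ignored.
effective_password_auth() {
    awk '
        { sub(/=/, " ") }                       # "Keyword=value" form
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Print "user source-ip" for every password-based SSH login in an auth log.
password_logins() {
    awk '/sshd\[[0-9]+\]: Accepted password for / {
        for (i = 1; i < NF; i++) if ($i == "for") { print $(i + 1), $(i + 3); break }
    }' "$1"
}

# Return 0 when password logins are disabled and none were seen; 1 otherwise.
audit_ssh() {
    rc=0
    if [ "$(effective_password_auth "$1")" != "no" ]; then
        echo "ALERT: $1 allows password authentication"; rc=1
    fi
    hits=$(password_logins "$2")
    if [ -n "$hits" ]; then
        echo "ALERT: password logins in $2:"; echo "$hits"; rc=1
    fi
    return $rc
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Constructed config with the hardening line commented out (assumed shape of a reset file).
printf '%s\n' 'Port 22' '#PasswordAuthentication no' 'PubkeyAuthentication yes' > "$tmp/reset.conf"
printf '%s\n' 'Port 22' 'PasswordAuthentication no' 'PasswordAuthentication yes' > "$tmp/hardened.conf"
# First line is constructed; the second is the log line from the post.
cat > "$tmp/auth.log" <<'EOF'
Jun 29 17:40:02 vault sshd[17801]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Jun 29 17:55:54 vault sshd[17954]: Accepted password for webcam from 62.103.28.65 port 16754 ssh2
EOF
audit_ssh "$tmp/reset.conf" "$tmp/auth.log" || echo "audit failed: review accounts and config"
```

On a live system `sshd -T` reports the configuration the daemon actually resolves, including Match and Include handling that this parser skips, so a check like this fits best as a scheduled job that runs after package upgrades.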
