RE: Hackers ... attn: Mallory
Date: 02/25/97

 Hey Mallory, some advice on hacking..  I would NOT say I'm the best.. far
more out there better than me.  As to why someone would do it.. there would
have to be a motive.  Otherwise somebody just likes wasting their time and
of course everybody else's.

  Causes and events on how the breach might have occurred:

  Former IMP like you said, that would have had the passwd from before..
perhaps it's possible that you had changed it for a few seconds for some
reason and changed it back.

  This can be due to forgetfulness on your part.  #1 I never change the
password for just a few seconds..

  The second reason could be on how you have your permissions set on your
directory.  Make sure that the files specified are for USER access only.

  Next, you want to make sure you have your passwd (encrypted) file out
of reach.. ie hidden or even mounted on another file server like well.. ummm

  Another thing might be to have something or someone check the types of
files being run..  I'm not going to go into detail on that one.. and probably
won't relay all my secrets.. but I have enough accts to last me a lifetime
anywhere in the US.

  And I'll just wrap it up with one more note..  THE LOGS.  With root access
if you are a good enough hacker.. you can leave no evidence.. but sometimes
that gets in the way, and has to speak for yourself.  If you remembered
the last thing that was done BEFORE the hacker arrived.. then you can
trace the history file so to speak.  I believe you already did this to
determine what the damage was.. but nevertheless... hide those too.

  Shadowing tools are good.. but not 100% effective.. they just take longer
to reach..  Firewalls are good.. always effective other than localhost..
so that limits a great deal there depending on your total /usr swap.

  Then the final thing comes down to who you can trust on localhost server.
If you know your /usrs are trustworthy, have firewall, maybe some WRAPPERS,
you can have a site that is virtually 90% unhackable.

  Now.. besides the people that work at my ISP and have -su access,
I have a site that nobody can reach.. in fact.. I have to mail this
off my other acct just because the signature from this one is whacked.
Wouldn't translate through the mailing list unless Alex does it by hand it
seems, multiple file servers.

  By the way.. I think your post was a good one.. and was worded great.
Glad I could help somewhat... but that's what the list is for. :P
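Two of the points in the message above, owner-only permissions on your directory and keeping the encrypted passwd file out of reach, can be turned into a quick local check. The script below is an added example and is not part of the original post or its author's advice; it assumes a POSIX `find` and `awk`, and the directory and passwd-format file it runs on are constructed scratch input, not anything from the list.

```shell
#!/bin/sh
# Added example, not from the original post. Two checks on a host:
#   1. every entry under a directory is reachable by its owner only
#   2. a passwd-format file carries no password hashes, i.e. the hashes
#      have been moved to a shadow file
# Assumes POSIX find(1) and awk(1); all sample input below is constructed.

# List every entry under $1 that grants any group or other permission.
# Exit status 0 = all entries are owner-only, 1 = at least one is not.
check_owner_only() {
    dir="$1"
    found=$(find "$dir" \( -perm -g+r -o -perm -g+w -o -perm -g+x \
                           -o -perm -o+r -o -perm -o+w -o -perm -o+x \) -print)
    if [ -n "$found" ]; then
        printf 'group/other access on:\n%s\n' "$found"
        return 1
    fi
    return 0
}

# Report accounts in a passwd-format file whose second field still holds
# a hash instead of a shadow marker ("x", "*", "!" or empty).
# Exit status 0 = fully shadowed, 1 = at least one hash is exposed.
check_shadowed() {
    awk -F: '
        $2 != "x" && $2 != "*" && $2 != "!" && $2 != "" {
            print "hash exposed for account: " $1; n++
        }
        END { exit (n > 0) }' "$1"
}

# Demo on constructed input: a scratch directory and a fake passwd file.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/private"
: > "$demo_dir/private/notes"
chmod 700 "$demo_dir/private"
chmod 600 "$demo_dir/private/notes"
check_owner_only "$demo_dir/private" && echo "private/: owner-only, OK"

: > "$demo_dir/shared"
chmod 644 "$demo_dir/shared"          # deliberately loose, gets flagged
check_owner_only "$demo_dir" || echo "scratch dir: needs tightening"

# constructed passwd lines: root is shadowed, the second account is not
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo_dir/passwd.constructed"
printf 'mallory:$1$abc$xyz:1000:1000::/home/mallory:/bin/sh\n' \
    >> "$demo_dir/passwd.constructed"
check_shadowed "$demo_dir/passwd.constructed" \
    || echo "passwd file: not fully shadowed"

rm -rf "$demo_dir"
```

Run it as a normal user against a copy of your own home directory and of `/etc/passwd`; a non-zero exit from either function means there is something to fix, and the printed path or account name says what. The `-perm -g+r ...` form is used instead of the GNU-only `-perm /077` so the same script works on older Unix finds.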


