Last week I had a bad/great experience.

I installed RHEL5 last week with a static IP. Someone entered my system from these IPs: 82.79.161.104, 92.80.199.219, 79.113.9.116. They created a user with a UID of 0 (zero) and did nasty things like crashing the system.

I found this by running the ‘last’ command, which showed me that an unknown IP had logged in to my system. Then I checked the /etc/passwd file, which showed that a user named “girgo” with a UID of 0 had been created.

I think my root password was the problem (admin123), which is a dictionary word, and the crackers did their job easily. They created a user named “oracle” and a directory named “bot”, along with some files and some scripts.

I am ashamed, since I am one of the victims. I think this will be a lesson for everyone.
Lessons Learned:
1) Passwords should be strong.
2) Allow SSH from known IPs only.
3) Take a bare-metal backup after installing the system, for a quick restore.
4) Install and monitor an intrusion detection system.
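The two checks that exposed this intrusion (extra UID 0 entries in /etc/passwd and logins in ‘last’ from addresses you do not recognise) are easy to script so they can be run on a schedule instead of by chance. The script below is an added example written for this post, not something taken from it or from RHEL; the passwd lines and the `last -i`-style output inside it are constructed sample data that mirror the account names described above, and the allow-list address 10.0.0.5 is an assumed admin host.

```shell
#!/bin/sh
# Audit helper (added example, not from the original post).
# Two checks that would have flagged this intrusion early:
#   1. any /etc/passwd entry with UID 0 that is not "root"
#   2. any login in `last -i` output whose source IP is not on an allow-list

# Constructed sample /etc/passwd content mirroring the post: a "girgo"
# account with UID 0 (rogue) and an ordinary "oracle" account.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
girgo:x:0:0::/home/girgo:/bin/bash
oracle:x:500:500::/home/oracle:/bin/bash'

# Constructed sample output in the column layout of `last -i`
# (user, tty, source IP, date...). 10.0.0.5 is the assumed admin host;
# the other two addresses are the ones named in the post.
SAMPLE_LAST='admin    pts/0        10.0.0.5         Mon Mar  3 09:12   still logged in
girgo    pts/1        82.79.161.104    Sun Mar  2 23:40 - 23:55  (00:15)
root     pts/2        92.80.199.219    Sun Mar  2 22:01 - 22:30  (00:29)
admin    pts/0        10.0.0.5         Sat Mar  1 08:00 - 17:00  (09:00)'

# Print every account with UID 0 other than root, one per line.
# Reads passwd-format text on stdin (e.g. extra_uid0_accounts < /etc/passwd).
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Print "user ip" for each login whose source IP is not in the allow-list.
# $1: space-separated allow-list of IPs; `last -i` output on stdin.
# Lines whose third field is not a dotted-quad (e.g. "wtmp begins ...") are skipped.
logins_from_unknown_ips() {
    allow="$1"
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 3 && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($3 in ok) { print $1, $3 }
    '
}

# Run both checks against the constructed samples.
echo "== UID 0 accounts other than root =="
printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0_accounts
echo "== logins from IPs outside the allow-list =="
printf '%s\n' "$SAMPLE_LAST" | logins_from_unknown_ips "10.0.0.5"
```

On a live host the same functions read the real files: `extra_uid0_accounts < /etc/passwd` and `last -i | logins_from_unknown_ips "10.0.0.5 10.0.0.6"`. Running this from cron and mailing any non-empty output gives a minimal version of lesson 4; because the rogue account here has the same UID as root, checking UID rather than username is what makes the first test catch it.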
