Monthly Archive for July, 2007


George

And the worst part is that I was the last one to find out! At least, that is according to the courteous email Dreamhost sent me:

Hello,

I am emailing you to inform you that the password for the user MI_USUARIO on the machine MI_SERVER has been changed to “el_nuevo_pass” without the quotes.

This has happened because we have detected that the user MI_USUARIO has logged in from more than one country, and this is a situation which is common when someone has hacked an account.

The crontab for the user has been removed, if one had existed. The following was the cronjob of your account before I sent you this notice:

[skittle] # crontab -l -u MI_USUARIO
no crontab for MI_USUARIO
[skittle] #

All processes that were running under that shell user were killed right after the password was changed.

In addition to this, if a ~/.ssh directory existed it has now been moved to ~/dot_ssh_disabled_by_dh to prevent keys from being added by an attacker. You can move this back after evaluating the key files.

If this was a false positive then you will not get another notice like this unless the account is logged into via an ip traced back to yet another different country.

If you would like for this shell account to be white listed, please respond to this message, and I will add a white list so that you will not get this message again, and no actions will be taken on the shell account if a login from a country that has not yet logged into the account is detected.

If you have any questions or concerns, please contact me at EL_CHATO@dreamhost.com

Thanks!

EL CHATO

El Chato from Dreamhost

Well, apparently logging in from two different countries is synonymous with having your account hacked! The most curious part is that I did not even have a cron job running, and the only explanation I can think of for this situation is that my office IP is registered in El Salvador (only Telefonica knows why!), and my Turbonett IP is registered in Guatemala.

It is good that they at least take the trouble to monitor this, and that they did something about it, but what a scare they gave me! I am still drinking my orange juice…
Has this happened to anyone else?
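
The rule the email describes, sketched in Python as an added example (it is not Dreamhost's code and not part of the original post): a notice fires the first time a user logs in from a country not yet seen for that account, repeats from a known country stay quiet, and whitelisted users are skipped. The geo-IP table, user names and login events are constructed, and the country assignments are assumptions that mirror the SV/GT split in the post.

```python
import ipaddress

# Constructed geo-IP table built on documentation-only address ranges.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "SV",
    ipaddress.ip_network("198.51.100.0/24"): "GT",
    ipaddress.ip_network("203.0.113.0/24"): "US",
}

# Constructed login events, oldest first: (user, source IP).
SAMPLE_LOGINS = [
    ("george", "192.0.2.10"),    # office line, registered in SV
    ("george", "192.0.2.10"),
    ("george", "198.51.100.7"),  # home line, registered in GT: first notice
    ("george", "198.51.100.7"),  # same country again: no second notice
    ("george", "203.0.113.5"),   # yet another country: new notice
    ("maria", "192.0.2.44"),
    ("maria", "198.51.100.9"),   # whitelisted below: no action
]


def country_of(ip):
    """Return the country code for ip, or None if the table has no match."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return None


def detect(logins, whitelist=frozenset()):
    """Return (user, ip, new_country, known_countries) for each notice."""
    seen = {}    # user -> set of countries already observed
    alerts = []
    for user, ip in logins:
        cc = country_of(ip)
        if cc is None:
            continue  # unmapped address: nothing to compare against
        known = seen.setdefault(user, set())
        # The first country is the baseline; only a later, new one alerts.
        if known and cc not in known and user not in whitelist:
            alerts.append((user, ip, cc, sorted(known)))
        known.add(cc)
    return alerts


if __name__ == "__main__":
    for user, ip, cc, known in detect(SAMPLE_LOGINS, whitelist={"maria"}):
        print(f"{user}: login from {ip} ({cc}), previously seen in {known}")
```

The rule only sees where an address block is registered, so two connections used by the same person count as two countries whenever their ISPs register them differently, which is the false positive described in the post.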



