Sandra M. ([info]silne) wrote,
@ 2004-09-12 11:03:00
Current mood: aggravated
Current music: John Farnham - Even After All This Time

Gah I'm trying to setup archer but it's giving me the shits. The damn thing keeps taking an IP from the router, despite having the interface setup with a static IP! If I restart the interface I get the correct settings -- for about 5 minutes and then the router 'forces' a dynamic IP on the box again and I lose the connection. *SIGH* This is really driving me crazy. And worst of all I can't ask for help because our internet connection is so frelled at the moment. I'll be surprised if I can get this to post with less than 3 tries.

Soooooooo frustrated. All I have to do at the moment is check over our firewall rules script to make sure it wasn't compromised, and then switch the router back to modem duties. Everything should JUST WORK then. I'm just going crazy at the moment. I think I'll have to take the internet offline for a while in order to do the switching over. I can't have the damn router giving archer a different IP once I set it back up with no keyboard or monitor! I'll also need to test the dhcp server, but that's switched off at the moment so as not to confuse clients on the network..... Don't really need a different gateway address being given to clients! Also will have to put the static address allocations back in since [info]owlrigh's win98 machine doesn't like dhcp3-server.

We have a secure password now thankfully. Well actually probably not *secure* but at least it's no longer a dictionary word :-) Yes folks, I was so lazy I put our machine on the internet for 3 years with a dictionary word as the root password. I also trusted that the default sshd setup on debian was secure enough to deny root logins. Those were my two big mistakes that allowed our machine to be compromised. How dumb do I feel? Well I've been putting the pieces back together for 3 days now so I'm feeling very humble. archer's setup was the culmination of 3 years of hard work and learning, and it was brought down by my laziness and trust. FYI, root is no longer allowed to login via ssh on archer. That was the first thing I did when I reinstalled.

So much for linux being more secure than Windows. The next person who tries to tell me that the default install of linux is more secure than the default install of Windows is going to be laughed at. I mean sure, I didn't have to run sshd.... but how the hell else am I supposed to access a box which is completely headless and sits in an alcove of the hallway? There's no way in frozen-over hell that I'd run telnet. ssh is supposed to be SECURE! Isn't that what it stands for? Secure SHell? An unlocked house is more secure. What I want to know is why the debian package tells me a billion other useless things, but doesn't stress to me that root can login with the default configuration?! I'm surprised our box hasn't been owned long before now. It never occurred to me that the default configuration would allow root access.... I could have sworn (and I'm probably delusional) that previous versions of debian popped up a thing saying that root was denied access, and that you'd have to manually allow root to login via ssh.

Yes, I'm a bad bad girl for not checking the conf files myself. Yes I accept responsibility for the security of my own connection. I just feel that I should have been told such a dangerous configuration was going on the internet. Well, I've learned a valuable lesson, at the expense of my own sanity. We're fairly certain that it was an automated attack on the box. If it had been a human, they could have done so much more damage and left it so we wouldn't have known about it. I mean, changing the root password guarantees that once we disconnect from the internet we can't reconnect. (I don't want regular users with those sorts of permissions. Or indeed really ANY sorts of permissions. I'm paranoid... obviously I wasn't paranoid enough!)

I have thought perhaps about running sshd on an unusual port to stop automated attacks against it. I've also thought perhaps about setting up firewall rules to deny access to the ssh port to all but a few 'trusted' hosts. Neither of these is a particularly elegant solution, but I'm very very very scared about putting the box back on the internet now! I guess I ought to be scared because there's so many nasties out there. It's just the sort of thing you think will never happen to you... if you're as arrogant or ignorant as I was. "Nobody would ever bother to hack my machine! My internet connection is crap! Why would they want to bother?" Well for starters, these people aren't interested in pwning j00r b0x0r, they're more interested in doing damage. Why? Well why do people damage public phones. For something to do because they're bored, or are totally frelled in the head.

We're also going to be implementing an intrusion detection system. I want to know the next time somebody tries to ssh in as root. I'll be taking their IP and either reporting them to their ISP or adding them to a 'drop' list in the firewall rules. I guess it depends on what the IP resolves to.... *SIGH* I should get back to work on this. Nearly time to take the internet offline and start putting things back into place.

I'm so glad we were able to put archer's hard drive into another linux box and backup all the data we wanted to keep. Side effect of using it as a file server I guess. We used archer to backup stuff we didn't want to keep on our own hard drives. In particular I was guilty of this. I have my home dir on archer mapped to a drive on my windows machine so I can easily put files there to send via email, or to store them there so I don't have to store them in a directory on my desktop PC.

Well, we'll be doing PROPER backups of archer as well. Just gotta work out the logistics. The DVD-RW is probably going back into my desktop machine since [info]kazuixy's machine only has 256meg of RAM and he claims it's running like crap and he won't be able to burn any DVDs with it like that. Unfortunately we can't afford to buy him another stick of RAM at the moment. Hopefully after we pay his stupid tax bill that he wouldn't have gotten if the payroll officer at his place of employment had a clue about what to do when somebody HAS A FREAKIN HECS DEBT! That $1300 should have been taken out in tax during the year and we should have broken even on his tax return. We didn't really need to have to try and save it by mid-November when we've got a baby on the way!
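Added example, not part of the original post: a minimal version of the check described above, which reports every ssh attempt on the root account and lists the source addresses that could go on a firewall 'drop' list. The log lines are constructed samples in the usual OpenSSH syslog style; the function names, threshold and `trusted` parameter are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from archer's real logs).
SAMPLE_LOG = """\
Sep 12 03:14:07 archer sshd[2211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Sep 12 03:14:09 archer sshd[2213]: Failed password for root from 203.0.113.45 port 40130 ssh2
Sep 12 03:14:12 archer sshd[2215]: Failed password for invalid user admin from 203.0.113.45 port 40141 ssh2
Sep 12 03:15:00 archer sshd[2220]: Failed password for invalid user root from 192.0.2.10 port 22 ssh2 from 203.0.113.45 port 40150 ssh2
Sep 12 03:20:41 archer sshd[2302]: Failed password for root from 198.51.100.7 port 51515 ssh2
Sep 12 08:02:55 archer sshd[2950]: Accepted password for sandra from 192.168.0.12 port 1044 ssh2
Sep 12 09:30:00 archer sshd[3100]: Accepted password for root from 203.0.113.45 port 40200 ssh2
"""

# The username field is client-supplied text, so the user group is greedy and
# the pattern is anchored at end of line: the address sshd itself wrote is
# always the LAST "from <ip> port <n>" on the line (see the 03:15:00 sample).
# Older sshd versions log "illegal user" where newer ones log "invalid user".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:(?:invalid|illegal) user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+(?: ssh2)?$"
)

def root_attempts(log_text):
    """Return (failed root attempts per source IP, [(timestamp, ip)] of root logins)."""
    failed, accepted = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["user"] != "root":
            continue
        if m["result"] == "Failed":
            failed[m["ip"]] += 1
        else:
            # A successful root login is the event that matters most.
            accepted.append((line[:15], m["ip"]))
    return failed, accepted

def drop_candidates(log_text, threshold=2, trusted=()):
    """Source IPs with at least `threshold` failed root attempts, minus trusted hosts."""
    failed, _ = root_attempts(log_text)
    return sorted(ip for ip, n in failed.items()
                  if n >= threshold and ip not in trusted)

if __name__ == "__main__":
    failed, accepted = root_attempts(SAMPLE_LOG)
    print("failed root attempts:", dict(failed))
    print("ROOT LOGINS ACCEPTED:", accepted)
    print("drop candidates:", drop_candidates(SAMPLE_LOG))
```

With `PermitRootLogin no` in sshd_config, as the post describes, the accepted list should stay empty, so any entry in it means the configuration needs checking.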






[info]charliebrownau
2004-09-11 06:34 pm UTC (link)
IP network settings isn't hard

Can I suggest setting the DHCP IP range on the router to 192.168.0.100 to 192.168.0.200, set the router IP address to 192.168.0.201, set the USB port IP to 192.168.0.202

Now if you do that and manually set the IP network number in 98/2k/xp/2003, your IP won't conflict with the IP numbers via the DHCP lease



[info]silne
2004-09-11 07:01 pm UTC (link)
I'm not manually setting the IP in any of those OSes. For the moment I'm quite happy to have the Windows machines grab an IP from the router as that's what they do when the linux box runs the network. I'm just irritated that the linux machine seems to be grabbing a dynamic IP after I forced a static IP onto it. I can't work out what's causing the behaviour nor how to fix it. It's probably something I've done wrong..... especially since this is the machine that used to give ITSELF a dynamic IP when running our cable connection. Nobody then could tell me why it did it as all my configuration was correct.



[info]charliebrownau
2004-09-11 06:36 pm UTC (link)
If you have a PC wanting Windows with 256mb of RAM, install Windows 98 SE or Windows 2000 Pro. DON'T install ME, XP (any version) or 2003 on low RAM systems



[info]silne
2004-09-11 06:58 pm UTC (link)
Pfft. My mother-in-law runs it on an older system with only 128meg of RAM. You can run it on whatever you want if you don't care how responsive it is. She has no trouble whatsoever performing the tasks she needs -- scanning and manipulating images, using the internet, burning CDs.

Since we installed SP2 on her machine we haven't had a single call from her with problems which is a nice change. I do think she could do with another 128meg of RAM, but the system predates DDR so RAM is expensive. We plan to completely upgrade her in the next 6-12 months so we're not even going to bother getting her to pay exorbitant amounts for some SDRAM.

And there's not a chance in frozen-over hell that I would install win98 or win2k on her machine. NOT. A. CHANCE. Getting her to perform simple tasks in either of those the way she does in XP would require me to spend most of my spare time in tech support for her. NOT. A. CHANCE. Windows XP means I get to spend my spare time doing whatever I want instead of looking after her PC. It's the reason we insisted on upgrading her to begin with.



[info]charliebrownau
2004-09-11 09:12 pm UTC (link)
ahh well , live with xp and its fucked up gheyness

since sp1 and sp2 came out for xp , they have fixed 60 networking bugs ...


