I have 3 Ensim/RHEL boxes at The Planet which run the APF firewall and are configured to allow access from only 2 IP's, my home and work. Last week I noticed I could no longer get in from work on any of those boxes. I finally realized that my conf.apf file has been changed on all 3 boxes. Port 22 has been replaced with 23 and also port 9999 added.
Has anyone experienced anything similar with their Ensim/RHEL boxes? I'd like to believe I have not been cracked however this does not look good. The config files are owned by root and I'm the only root user. I haven't changed anything and certainly not any firewall settings. Uggh...
Any security people wanna do an analysis? Naturally I'll pay for it...
Full Version: Wondering if I've been cracked...
Go ahead and submit a ticket, our security group may be able to help you a little.
Now that's service!CyberSeal, I know the support team rocks, but if you need something beyond the scope of support, you may want to see www.totalserversolutions.com
Thanks guys, I've known of TSS for awhile and had already contacted them. I'm sure I'll hear back from them tomorrow. In the meantime, I have put a detailed ticket in w/ TP as well, thanks for the tip Tomy.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.