Subj : bbs shut down http log
To   : Angus Mcleod
From : DieselMan
Date : Tue Jun 28 2005 02:47 am

Re: bbs shut down http log
By: Angus Mcleod to DieselMan on Mon Jun 27 2005 11:18 am

> If this is happening, I'd packet-capture the external interface to disk,
> then the next time this occurred, I'd filter the capture file and see if I
> could figure out how they were getting in.
>
> You are posting HTTP activity logs, but the shutdown commands seem to be
> coming from the console. Either someone is getting a shell on the box, or
> they have found a way to "push" console commands from the HTTP interface.
>
> Do you have 'tcpdump' on your system? And 'ethereal' too? Do you know
> how to use them? What distribution are you using again? Are you using a
> pre-packaged Synchronet installation, or are you compiling from CVS?

Yes, I agree it doesn't really look like anything that I would know of from the http log would be causing it. But then what do I know. I don't know how to run the commands or applications you are speaking of yet.

I was running Mandrake 10 from GNOME and had used the rpm to do all the security and bug fixes. And I installed from CVS and update daily, 3.12 debug. They have security choices in setup and I have it set as high as you can go without blocking out everything. At least from what I have read.

I did find one of the security settings, when you go in and tweak it, that might be questionable. It was concerning allowing remote access to root from remote. The default setting was allow/disallow = without_password and I wasn't sure which way that was meant, so I changed it to none. And rechecked all the settings and shorewall port settings. But I don't understand why iptables isn't running. It is checked to come up on boot; it says it's stopped under services.

I changed to blackbox instead of GNOME. Also have the security system checking everything, as far as I know so far anyway, and it is supposed to send me a message if anything changes. Not sure if all of that actually works like I understand it to.

The good thing is it was happening every few minutes to a few hours for 2 days and now it hasn't happened for over 12 hours. Thank you for your help and concern.

BTW, this is formerly kcvwdoc from friends of bill w bbs. I just chose to change the name of the bbs, and since I don't work on VW or Audi anymore I changed my alias. Thought I would just start it all fresh.

It's been a bit frustrating for a few days but it will all work out, and in the end I will learn from it a better OS. And after I get more familiar with Linux, I will try to move up to one of the more complicated distros.

Have a great day,
DieselMan

---
 ■ Synchronet ■ There Is A Solution http://thesolution.homelinux.org