I think I may have been hacked!
Ace69
06-20-2001, 02:19 PM
Today, I was just trying to download Apache from an FTP server and do some other non-conspicuous things when my screen went black for no reason and logged me out! I thought it was very weird, but that was only the start! I tried to log in as root and my password was rejected! I didn't know what to do and still don't. What could cause this? I have a cable modem which is always on and I also don't have a firewall. I know, I know. :) Do you think a hacker changed my root password or was it something screwy in RH?
Needless to say, I will definitely be starting up ipchains. :)
undef
06-20-2001, 02:45 PM
I don't know what happened, but start up in maintenance mode (lilo single), close all connections, change the passwd back and check your logs. Install a firewall if you have to.
Craig McPherson
06-20-2001, 03:59 PM
First, with most distros, single-user mode won't let you in without the root password. If you were to want to change it, and that was the case with you, you'd have to use a rescue disk set to mount your filesystem and edit the password file manually.
However, you shouldn't do that. You should check to make sure your root password really HAS changed and if it has, back up any data on the box you want to keep and reinstall.
It's not a big deal, but it has to be done: you can't repair a cracked box. You have to reinstall.
And I'd recommend not using distros like Redhat or Mandrake: they've all had out-of-the-box remote root exploits.
No matter what distro you use, you have to apply security fixes as soon as they come out. If you don't want to read websites every day (I don't), you can subscribe to your distro's security announcements mailing list, or use a distro like Debian that can automatically update you. And the first thing you always must do after you install any distro is apply any security fixes that've been released since that version of the distro went to press.
exabyteme
06-20-2001, 04:29 PM
Originally posted by Ace69:
Do you think a hacker changed my root password... ?
Duh, DA, learn how to secure your box!
Rastar
06-20-2001, 04:39 PM
Funny you should mention screen going black and rebooting. I just had that problem (without my eth0 started). What I found out was that there was 99.7% of hd used. If you check your internal mail messages you may see signs of the same thing. Anyway a quick reinstall (selecting fewer packages) now has my system happy again.
I had the same problem with the passwords not being correct and all, even to the point where it refused to load the GUI.
Hope it is as simple as this.
Ras
Ace69
06-20-2001, 05:44 PM
Thank you, Craig, for the advice. I figured I would have to reinstall. I plan on doing this as soon as I get home. The only thing that I have installed is Star Office, which I can easily reinstall. As far as you, exabyteme, the last time I checked this is a newbie forum and I am, in fact, a newbie, so if you could just keep the comments to yourself, that would be great!
[ 20 June 2001: Message edited by: Ace69 ]
Ace69
06-20-2001, 05:47 PM
Originally posted by Rastar:
Funny you should mention screen going black and rebooting. I just had that problem (without my eth0 started). What I found out was that there was 99.7% of hd used. If you check your internal mail messages you may see signs of the same thing. Anyway a quick reinstall (selecting fewer packages) now has my system happy again.
This would not be my case because I made a 4G partition for RH and I am sure that I have not installed that much stuff. Hell, the only thing that I have installed besides Linux itself is Star Office. Thanks for the help though.
exabyteme
06-20-2001, 06:07 PM
I gave you the most precious advice you could get:
LEARN HOW TO SECURE YOUR BOX BEFORE GOING ONLINE, ESPECIALLY IF YOU HAVE A HIGH BANDWIDTH CONNECTION!
When I was a newbie, I made sure that my box was locked down tight BEFORE I even went online!
Too many newbies try Linux without learning the security aspect first. This is a must.
[ 20 June 2001: Message edited by: exabyteme ]
Ace69
06-20-2001, 06:22 PM
Originally posted by exabyteme:
I gave you the most precious advice you could get:
LEARN HOW TO SECURE YOUR BOX BEFORE GOING ONLINE, ESPECIALLY IF YOU HAVE A HIGH BANDWIDTH CONNECTION!
When I was a newbie, I made sure that my box was locked down tight BEFORE I even went online!
Too many newbies try Linux without learning the security aspect first. This is a must.
I know that you meant well, it was just the way you came off. :)
Trust me, I will secure it whenever I get it reinstalled again. I have never been secure in the past because I have never been hit before. With this learning experience, I will be more leery in the future.
I guess the saying, "You learn from your mistakes", applies to this circumstance.