« Shift + Backspace seems to crash X
Installing ZendStudio »

New Gateway and got hacked

For those wondering why I have such a low postcount the past few months, I was ill for a week twice, I’ve had holidays, and furthermore, I do a lot of webdevelopment using the Zend Framework (</spam)

I recently bought myself a new server which fit easily in the meter cupboard that I’m now using as a gateway. The specs are a AMD Athlon 64 X2,BE-2400, Socket AM2 (35 Watt), 2x Seagate Barracuda 320 Gb configured in software-raid, MSI K9AGM3-F motherboard and 4 Gb Kingston DDR2 PC5300 @667 MHz RAM. This server – especially due to the low-power cpu – consumes when idling only 65 Watt :D

I currently use it mostly/mainly for web-caching and proxying, as well as NAT-firewall. Because I do not use it for many other purposes, it wouldn’t be that much of a problem if something happened to it. Guess what, it happened :P There was a user configured who had a password that was the same as the username, while ssh running on port 22. Weird he, that someone guessed it :P After a couple of hours I discovered an unwanted user, who ran an irc server (I discovered an open port a minute after it was opened), and was able to lock the unwanted visitor out. New lesson: Make sure a user is simply not able to have a password that equals the username.

For anyone interested I suffixed my iptables-config that I use for proxying/masquerading.
iptables --flush # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain
# Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain

#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 81 -j REDIRECT --to-port 80

# Setup squid, reroute http traffic (tpc port 80) to squid (tcp port 8080)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 -d ! 10.0.0.2

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
# Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

This entry was posted on Tuesday, February 12th, 2008 at 4:50 PM and is filed under Hardware, ServerConfiguration. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “New Gateway and got hacked”

  1. edwarddeleau says:
    February 28, 2008 at 11:31 PM

    Deels absoluut abracadabra wat hier staat voor mij :) Maar je moet wel ook nog even je WP upgraden naar 2.3.3….er zijn wat security fixes onder meer op de xmlrpc. Je moet ook even je directories beveiligen via je .htaccess ik kan zondermeer op http://www.dolfschimmel.nl/wp-content/plugins/ e.d. en het versie nummer weghalen uit je pages van wp en.. enz.. :)

  2. Freak says:
    April 7, 2008 at 3:51 PM

    Thanks. After having upgraded this blog, I just approved your comment ;)

    see also: http://dolfschimmel.freeaqingme.com/?p=76

  3. KEVIN says:
    July 21, 2010 at 4:04 PM


    MedicamentSpot.com. Canadian Health&Care.No prescription online pharmacy.Best quality drugs.Special Internet Prices. High quality drugs. Buy pills online

    Buy:Cialis Professional.Cialis Soft Tabs.VPXL.Cialis Super Active+.Cialis.Viagra Soft Tabs.Maxaman.Viagra.Viagra Super Active+.Tramadol.Zithromax.Levitra.Super Active ED Pack.Soma.Viagra Professional.Propecia.Viagra Super Force….

Leave a Reply