From: Viliam Kocinsky <kocinsky@nextra.sk>
To: Josh <jlamb03@elitemail.org>
Cc: linux-admin@vger.kernel.org
Subject: Re: unauthorized access
Date: Wed, 12 May 2004 16:00:15 +0200 [thread overview]
Message-ID: <1084370415.2863.29.camel@dexter> (raw)
In-Reply-To: <1084310098.28632.196278681@webmail.messagingengine.com>
If i understud it correctly, you are using Windows station in your work.
Propably in your work are many Windows workstations all connected to LAN
with firewall and proxy to the Internet.
What could happened?
1.) you forgot to log off when you left your computer and somebody
misused your account (5 min is enough to copy file from CD to your
directory)
2.) somebody cracked your password and now has free access to your
account
3.) somebody cracked system administrator password
4.) you have set write permision for everybody for your directory
5.) you share your directory with full access with samba (sharing of
files)
6.) extra-terrestrials has cracked your computer, becouse you are
standing in their way - you must contact MIB
What can be checked?
1.) proxy log files (if and when this files have been downloaded) -
administrator must do it. If there is no entry for this files in proxy
log files, that mean, that files has not been downloaded from Internet.
2.) last modification of files and directory to find out the time of
this act. But this can be easyly changed.
3.) log files to see when you have been logen on, but you have not been
in work at that time (i don't know names and location of this log files)
To be sure, contact also MIB.
On Tue, 2004-05-11 at 23:14, Josh wrote:
> Hello,
> I am having a problem. Someone in my workplace downloaded many files,
> some porn onto my user directory. I was framed for it, and eventually
> the matter was settled but it is still not known who committed this act.
> I want to find out who was able to bypass permissions and save these
> files into my directory. I am sorry to say that my workplace uses a
> windows system, so it couldn't just be "root"! Are there any recommended
> log generators that I can use to discreetly monitor if my account is
> being accessed and where from. Somehow the perpetrator was able to make
> it seem as if I had logged on as someone else, but saved the files into
> my directory. I know you guys can solve it, after all we are linux users!
>
> Thanks for the help,
> Josh
next prev parent reply other threads:[~2004-05-12 14:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-11 21:14 unauthorized access Josh
2004-05-12 14:00 ` Viliam Kocinsky [this message]
-- strict thread matches above, loose matches on Subject: below --
2004-05-11 20:53 Josh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1084370415.2863.29.camel@dexter \
--to=kocinsky@nextra.sk \
--cc=jlamb03@elitemail.org \
--cc=linux-admin@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).