Hello all!

I have a slight problem.  My system keeps showing all the symtoms of getting
hacked.  It happens about once or twice a month.  The symtoms are such that
some of the files in /bin get altered and have 8192 bytes added on to them. 
This makes them give a segfault.  Since apps like grep and awk and mount are
affected, my system becomes unusable, and I have to rebuild the whole thing
from scratch.

I've been told in alt.os.linux that I'm being hacked.  They say I should
turn off telnet and ftp, because they consider that to be a vulnerability. 
I'm not sure if they think so because it creates a vulnerable opening in the
system, or that hackers can sniff out passwords.

If it's the latter, then I think I'm covered.  I have it so that when
anybody connects via telnet, it loads up Mystic.  They never get a linux
login prompt.  Also, there are no user accounts in /etc/passwd other than
root and some maintenance accounts.

I used to have a menu option that would take me to the OS, but I got rid of
that.  Now whenever I administrate remotely, I use only SSH to do it.

So tell me, does any other linux sysop out there have this problem?  What do
you do to minimize hacking?

 gryphon o aka darryl perry o cyberia bbs o cyberia.darktech.org o mystic/lnx

--- Mystic BBS v1.07.3 (Linux)