Your best bet is to use the firewall iptables for the job.
in /etc/sysconfig/iptables
-A input -i eth0 -p tcp -m tcp --dport 21 -j DROP
This prevents ftp access
You can block services from certain ip addresses or network segments as well
-A INPUT -i eth0 -p ALL -s 192.168.0.15 -j DROP
ipchains:
in the /etc/sysconfig/ipchains file
-A input -s 0/0 23 -d 0/0-p tcp -y -j DROP
-A input -s 0/0 23 -d 0/0-p tcp -y -j DROP
That will do it.
The reason you probably got hacked was password policy.
One guessable password makes your system vulnerable. If that user has a suid capable shell or something out there then your system is someone elses slave. A word starting with a b comes to mind. Bad SEP.
I encountered a number of these attacks on my HP-9000 server. I used /var/adm/inetd.sec to stop all outside ftp and telnet access
This attack was crude, simply trying to guess the password for root. There were hundreds of attempts.
I reported the information to the relavent authorities and they promised to investigate.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
