[ale] hacked
Ken Nagorski
kenn at refriedgeek.com
Mon Dec 31 22:38:16 EST 2001
Hi there,
Well, I found a hacked box... It is a Red Hat 6.2 box.
I am looking for suggestions. Yes, I am going to reinstall, actually I have
a new box, but this is what I wanna do... I wanna try to find out why or what
they hacked. I ran some find commands but nothing too interesting came
back.
It doesn't look like they wanted to hide themselves too bad. They hosed ssh,
which is what tipped me off, and they killed syslogd.
I am guessing that it was a local user because I was running proftp, ssh
(no telnet) and I upgraded bind when the security patch came out. Ugh, I
know this email is a little disjointed however I am in a sort of frantic
state...
OK - any suggestions?
Thanks
Ken
----------------------------------------------
But I don't want to go among mad people,
Alice remarked.
Oh, you can't help that, said the Cat:
we're all mad here. I'm mad. You're mad.
How do you know I'm mad? said Alice.
You must be, said the Cat,
or you wouldn't have come here.
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.