[ale] hacked

Jim Philips jcphil at mindspring.com
Mon Dec 31 23:38:39 EST 2001


Hunt them down. Kill them. But before they die, smile and say "All your
base are belong to us!"

Sorry, I'm already drunk.


On Mon, 2001-12-31 at 22:38, Ken Nagorski wrote:
> Hi there,
> 
> Well I found a hacked box... It is a redhat 6.2 box.
> 
> I am looking for suggestions. Yes, I am going to reinstall, actually I have 
> a new box but this what I wanna do... I wanna try to find out why or what 
> they hacked. I am run some find commands but nothing to interesting came 
> back.
> 
> It doesn't look like they wanted to hide themsleves to bad. They hosed ssh 
> which is what tipped me off and the killed syslogd. 
> 
> I am guessing that it was a local user becuase I was running proftp ssh ( 
> no telnet ) and I upgraded bind when the security patch came out. Uhg, I 
> know this email is a little disjointed however I am in a sort of frantic 
> state...



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list