[ale] hacked
Jim Philips
jcphil at mindspring.com
Mon Dec 31 23:38:39 EST 2001
Hunt them down. Kill them. But before they die, smile and say "All your
base are belong to us!"
Sorry, I'm already drunk.
On Mon, 2001-12-31 at 22:38, Ken Nagorski wrote:
> Hi there,
>
> Well I found a hacked box... It is a redhat 6.2 box.
>
> I am looking for suggestions. Yes, I am going to reinstall, actually I have
> a new box but this what I wanna do... I wanna try to find out why or what
> they hacked. I am run some find commands but nothing to interesting came
> back.
>
> It doesn't look like they wanted to hide themsleves to bad. They hosed ssh
> which is what tipped me off and the killed syslogd.
>
> I am guessing that it was a local user becuase I was running proftp ssh (
> no telnet ) and I upgraded bind when the security patch came out. Uhg, I
> know this email is a little disjointed however I am in a sort of frantic
> state...
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list