[ale] hacked

[phrostie]

just got thru checking my logs, portsentry has been going bizzerk.
looks like someone has been trying

On Monday 31 December 2001 22:38, you wrote:
> Hi there,
>
> Well I found a hacked box... It is a redhat 6.2 box.
>
> I am looking for suggestions. Yes, I am going to reinstall, actually I have
> a new box but this what I wanna do... I wanna try to find out why or what
> they hacked. I am run some find commands but nothing to interesting came
> back.
>
> It doesn't look like they wanted to hide themsleves to bad. They hosed ssh
> which is what tipped me off and the killed syslogd.
>
> I am guessing that it was a local user becuase I was running proftp ssh (
> no telnet ) and I upgraded bind when the security patch came out. Uhg, I
> know this email is a little disjointed however I am in a sort of frantic
> state...
>
> OK - any suggestions?
> THanks
> Ken
>
> ----------------------------------------------
> But I don't want to go among mad people,
> Alice remarked.
> Oh, you can't help that, said the Cat:
> we're all mad here. I'm mad. You're mad.
> How do you know I'm mad? said Alice.
> You must be, said the Cat,
> or you wouldn't have come here.
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> be sent to listmaster at ale dot org.

-- 
Oh, I have slipped the surly bonds of DOS,
and danced the skies on Linux silvered wings.
http://pfrostie.freeservers.com/cad-tastrafy/
http://www.freelists.org/list/cad-linux

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.