Re: Visited by a cracker

From: Godwin Stewart (gstewart_at_spamcop.net)
Date: 07/12/04

  • Next message: Irvan: "Re: Visited by a cracker"
    Date: Mon, 12 Jul 2004 08:48:11 +0200
    To: "Per Christian B. Viken" <perchr@angryadmin.net>
    
    

    On Sun, 11 Jul 2004 16:45:09 +0200, "Per Christian B. Viken"
    <perchr@angryadmin.net> wrote:

    > And should I try to find this guy? Or is it
    > probably hopeless?

    Does anything in the logs remain, which might give an indication where the
    perp connected from? This is, of course, always assuming s/he didn't connect
    through a hijacked open proxy.

    As far as the malicious code is concerned, there's not much you can do.
    Telefonica de Espaņa, Romanian ISPs and Kornet (220.88.27.11) all have a
    long and sorry history of ignoring abuse complaints (google for them in
    news.admin.net-abuse.email for example).

    This said, your first course of action should be figuring out how the box
    was cracked in the first place and locking it down rather than going after
    someone who got in.

    -- 
    G. Stewart   --   gstewart@bonivet.net -- gstewart@spamcop.net
    Registered Linux user #284683 (Slackware 9.0, Linux 2.6.7-em8300)
    --------------------------------------------------------------
    Give a man a fish and he will eat for a day. Teach him
    how to fish, and he will sit in a boat and drink beer
    all day.
    

  • Next message: Irvan: "Re: Visited by a cracker"