Re: Visited by a cracker
From: Godwin Stewart (gstewart_at_spamcop.net)
Date: 07/12/04
- Previous message: Sven Riedel: "Re: Visited by a cracker"
- In reply to: Per Christian B. Viken: "Visited by a cracker"
- Next in thread: Irvan: "Re: Visited by a cracker"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 12 Jul 2004 08:48:11 +0200 To: "Per Christian B. Viken" <perchr@angryadmin.net>
On Sun, 11 Jul 2004 16:45:09 +0200, "Per Christian B. Viken"
<perchr@angryadmin.net> wrote:
> And should I try to find this guy? Or is it
> probably hopeless?
Does anything in the logs remain, which might give an indication where the
perp connected from? This is, of course, always assuming s/he didn't connect
through a hijacked open proxy.
As far as the malicious code is concerned, there's not much you can do.
Telefonica de Espaņa, Romanian ISPs and Kornet (220.88.27.11) all have a
long and sorry history of ignoring abuse complaints (google for them in
news.admin.net-abuse.email for example).
This said, your first course of action should be figuring out how the box
was cracked in the first place and locking it down rather than going after
someone who got in.
-- G. Stewart -- gstewart@bonivet.net -- gstewart@spamcop.net Registered Linux user #284683 (Slackware 9.0, Linux 2.6.7-em8300) -------------------------------------------------------------- Give a man a fish and he will eat for a day. Teach him how to fish, and he will sit in a boat and drink beer all day.
- Previous message: Sven Riedel: "Re: Visited by a cracker"
- In reply to: Per Christian B. Viken: "Visited by a cracker"
- Next in thread: Irvan: "Re: Visited by a cracker"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
