Re: Hacked

From: J. Reilink (digiover@dsinet.org)
Date: 08/01/02


From: "J. Reilink" <digiover@dsinet.org>
Date: Thu, 01 Aug 2002 09:30:12 +0200

Gui Guy wrote:

> My Red Hat Linux server was hacked, root password changed and new users
> created.
>
> I found references to eggdrop and psybnc on the system, and some hidden
> files.
>
> How did the root password get hacked?
>
> How can I clean it up and prevent it from happening again?

Very basic steps:
Get the box offline, remove the hard drive, insert a new hard drive,
reinstall *everything*, set up some good packet filtering rules, place
the old hard drive into an old computer, start with your forensics.

It is very important that you keep the original hard drive as evidence.

Regards, Jan

-- 
$WORK                | $PRIVE
VEVIDA Services      | Dutch Security Information Network
http://www.vevida.nl | http://www.dsinet.org
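
An added example, not part of the original message: a first-pass triage of the old disk on the separate forensics machine, looking for the things the report mentions (new users, hidden files, eggdrop and psybnc). It assumes the old disk's root filesystem is mounted read-only at a path you pass in; the function names, the mount point and the known-good user list are hypothetical.

```shell
#!/bin/sh
# Triage for the old disk once it is attached to a separate analysis machine.
# Assumption: its root filesystem is mounted read-only at the path passed as
# $1 (for example with mount -o ro,noexec,nosuid). Nothing here writes to it.

# Accounts with UID 0 other than root.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1/etc/passwd"
}

# Accounts in the evidence passwd that are absent from a known-good list
# ($2: one account name per line, or an old passwd backup).
unknown_accounts() {
    awk -F: 'FILENAME == ARGV[1] { ok[$1] = 1; next }
             !($1 in ok) { print $1 }' "$2" "$1/etc/passwd"
}

# Dot-files and dot-directories in world-writable or rarely inspected places.
hidden_entries() {
    for d in tmp var/tmp dev usr/lib; do
        if [ -d "$1/$d" ]; then find "$1/$d" -name '.*' -print; fi
    done | sort
}

# Files named after the tools mentioned in the report (eggdrop, psybnc).
named_tools() {
    find "$1" -type f \( -iname '*eggdrop*' -o -iname '*psybnc*' \) -print | sort
}

# SHA-256 of every flagged file, so findings can be tied back to the evidence.
hash_flagged() {
    { hidden_entries "$1"; named_tools "$1"; } | while IFS= read -r f; do
        find "$f" -type f -exec sha256sum {} +
    done | sort -u
}

# Report mode: ./triage.sh /mnt/evidence known_users.txt  (both paths are examples)
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    echo "== UID 0 accounts besides root =="; uid0_accounts "$1"
    echo "== accounts not in known-good list =="; unknown_accounts "$1" "$2"
    echo "== hidden entries =="; hidden_entries "$1"
    echo "== eggdrop/psybnc files =="; named_tools "$1"
    echo "== hashes =="; hash_flagged "$1"
fi
```

Run it against the mounted copy only, never on the compromised system itself, whose own tools can no longer be trusted.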


