Re: Linux server brought down by Elite on 31337 port and also how to install 2 hard disks on the same linux machine
From: Andrew Keith (andrew_at_jukenworld.com)
Date: 06/02/04
- Next message: Mike Oliver: "What are ports 738, 877?"
- Previous message: Broetchen: "restrict user account for remote access"
- In reply to: JP: "Re: Linux server brought down by Elite on 31337 port and also how to install 2 hard disks on the same linux machine"
- Next in thread: Ann: "Re: Linux server brought down by Elite on 31337 port and also how to install 2 hard disks on the same linux machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Jun 2004 06:10:47 +0800
unfortunately i think you may have been rooted (hacker installed a rootkit).
You can re-install your linux to fix the problem, but then the rootkit will
still be there.
I would suggest you reformat your machine. Its the only sure way of removing
a good rootkit (especially those which replace kernel modules).
Sorry dude, if it is a rootkit, only a format is the absolute way of
cleaning the machine 100%.
Andrew
"JP" <ft00mch@h.o.t.m.a.i.l.c.o.m> wrote in message
news:c9i50o$cso$1@phys-news-1.nl.colt.net...
> "Ann" <nsajus@yahoo.com> wrote in message
> news:cca0635f.0405251655.6135ee66@posting.google.com...
> > Hi,
> >
> > I had been running a Redhat 9 Linux server. Today when i ran nmap I
> > saw a new entry called Elite using port 31337. I disconnected the
> > computer from the network and tried to restart the machine. On
> > restarting it went to INIT-2.05b
> > prompt. Is there anyway i can restore my server back?:((
> >
> > I removed this hard disk and tried to make this a secondary hard drive
> > on another redhat linux machine(whose hard disk will serve as the
> > primary hard disk.) in the hope that i can mount the second hard disk
> > and browse the contents and make backups..After i install the
> > corrupted hard disk along with the good redhat linux hard disk, and
> > restart it, it shows the primary hard disk(the good redhat disk) info
> > and then it just hangs. I read some where that the second hard disk
> > should be automatically be detected by the redhat machine, but it
> > doesn't get there..Does it matter if the hard disks on both the
> > machine are named hda? Is there a way to rename one of them to hdb? I
> > know all these must be stupid questions..I am kind of new at this..
> >
> > Can anyone please help me? I'll be eternally grateful..
>
>
> What made you think it was a trojan? It couldhave been anything! What made
> you run nmap?
>
> There would have been other messages as to why the system did not come
back
> multi user, check you messages file.
>
> JP
>
>
> --
> There are 10 types of people in this world
> Those that understand binary and those that don't
>
>
- Next message: Mike Oliver: "What are ports 738, 877?"
- Previous message: Broetchen: "restrict user account for remote access"
- In reply to: JP: "Re: Linux server brought down by Elite on 31337 port and also how to install 2 hard disks on the same linux machine"
- Next in thread: Ann: "Re: Linux server brought down by Elite on 31337 port and also how to install 2 hard disks on the same linux machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
