Re: My Linux server got hacked last night -- please help!
From: Colin McKinnon (colin.thisisnotmysurname_at_ntlworld.deletemeunlessURaBot.com)
Date: 11/29/04
- Previous message: Mark Rafn: "Re: My Linux server got hacked last night -- please help!"
- In reply to: Bill Unruh: "Re: My Linux server got hacked last night -- please help!"
- Next in thread: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- Reply: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- Reply: Jem Berkes: "Re: My Linux server got hacked last night -- please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Nov 2004 21:39:46 GMT
Bill Unruh spilled the following:
> Sundial Services <info@sundialservices.com> writes:
>
> Could be but first do lsattr filename and see if the i bit is set
> man lsattr
> man chattr
>
Yup, but if the machine has been compromised then it's time to format those
hard disks and reinstall from a known good backup / scratch.
>
> Then do
> rpm -Vf /complete/name/of/file/with/path
Unless you have an offline backup of your rpm database it's unwise to rely
on it as reference for IDS.
C.
- Previous message: Mark Rafn: "Re: My Linux server got hacked last night -- please help!"
- In reply to: Bill Unruh: "Re: My Linux server got hacked last night -- please help!"
- Next in thread: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- Reply: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- Reply: Jem Berkes: "Re: My Linux server got hacked last night -- please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
