Re: My Linux server got hacked last night -- please help!
From: sarah chang (sarahd00d_at_yahoo.co.uk)
Date: 11/30/04
- Next message: Nico Declerck: "Re: Blocking incoming IP address immediately"
- Previous message: Jem Berkes: "Re: My Linux server got hacked last night -- please help!"
- In reply to: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- Next in thread: Mark Rafn: "Re: My Linux server got hacked last night -- please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Nov 2004 23:38:02 -0800
Sundial Services <info@sundialservices.com> wrote in message news:<cog0tr$mu8$1@domitilla.aioe.org>...
> sarah chang wrote:
> > It looks as though my Linux server (running RedHat Fedora Core 3) was
> > hacked last night.
> > [...]
> > I can't chmod or chown these files, even as root.
>
> The first thing I would do, after taking the system off any network, is to
> thoroughly check for filesystem damage, e.g. with "shutdown -rF", the "F"
> option forcing an fsck upon reboot.
>
> If you are unable to use chmod or chown against the files, when you have
> restarted with the rescue-CD (and you know that you are in fact executing
> the commands from that immutable CD), then this strongly implies to me a
> filesystem failure, rather than a "hack."
Thanks for the help. Someone else has experienced a similar problem,
so perhaps the problem is filesystem corruption due to a bug in Fedora
Core 3 and the entries in /var/log/secure were just a coincidence.
See
S
- Next message: Nico Declerck: "Re: Blocking incoming IP address immediately"
- Previous message: Jem Berkes: "Re: My Linux server got hacked last night -- please help!"
- In reply to: Sundial Services: "Re: My Linux server got hacked last night -- please help!"
- Next in thread: Mark Rafn: "Re: My Linux server got hacked last night -- please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
