Re: any way to confirm break-in?
- From: Cheb <no@xxxxxxxxxx>
- Date: Mon, 30 Apr 2007 14:09:12 GMT
On 30 Apr 2007 03:58:38 -0700, yosato_uk <yosato16@xxxxxxxxx> wrote:
my guess is the same attacker that tried the ssh route
found some other route.
Actually, working from log evidence is very hard. SSH is attacked
routinely my botnets and script-kiddies all around the world, so if
you have ssh on port 22 you will always have a full log file of silly
attempts. However, if someone gets in they might be clever enough to
cover all of their tracks and leave the 'normal' ssh probes in the log
files just to make it look like any other day.
may fail to detect them, is there any better way? If there's no way to
be absolutely sure, I'd in fact clean-reinstall the system altogether
and recover the backed up data.
This is the only safe way to do it.
If you are worried about the folders of data you could: back it all
up; reinstall the OS; donload a free Linux antivirus prog (eg.
AntiVir) and then virus-scan the data as it comes down. However,
copying down some data off a DVD won't activate any malware - you'd
have to execute something there, like a Trojan Horse. So, I'd just
download it to a temporary folder - scan it thoroughly and then move
it into the 'live' folder structure when you are happy it is clean.
- Prev by Date: Re: Password Problem in RH Linux ES
- Next by Date: Re: any way to confirm break-in?
- Previous by thread: Re: any way to confirm break-in?
- Next by thread: Re: any way to confirm break-in?