[PLUG] Hacked?

Cliff Wells cwells at commandprompt.com
Mon Jan 19 19:38:01 UTC 2004


Dan Haskell wrote:

>On Mon, 19 Jan 2004, Michael Montagne wrote:
>
>>But I'm not totally sure I've been compromised.  The fact that all is
>>well after a reboot is encouraging.  I think.
>
>Are you running PortSentry? If so, it may be a false positive:
>
>http://list.cobalt.com/pipermail/cobalt-users/2001-March/040590.html
>http://www.webhostgear.com/25.html
>
>Disclaimer: I know nothing about this, I just googled.

If a ping on localhost is returning anything other than 127.0.0.1 (as
the OP claimed) then he's been compromised. I would never trust that
machine again.

Follow the earlier advice and reinstall. Actually, if you're running
an older version of your distro, then you could probably get away with
an upgrade to a newer version and see the problem go away since most
likely the upgrade will replace every binary on your system. Then you
just have to check the stuff under /usr/local (and other places that
aren't typically used by the distro) for lingering binaries/scripts and
replace/remove them.

Cliff
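
Added example (not part of the original message): POSIX shell helpers for the two checks the thread mentions, showing what a hosts file maps `localhost` to and listing executable or setuid/setgid files under /usr/local for manual review. The function names are hypothetical, and the path arguments assume the suspect disk may be mounted from rescue media so the checks need not rely on the suspect system's own binaries.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Both checks take a path so they can be pointed at a suspect disk mounted
# from rescue media, e.g. /mnt/etc/hosts and /mnt/usr/local.

# Print every address a hosts file maps to the name "localhost".
localhost_addrs() {
    hosts_file=${1:-/etc/hosts}
    awk '{ sub(/#.*/, "") }   # drop comments; awk re-splits the fields
         { for (i = 2; i <= NF; i++) if ($i == "localhost") print $1 }' \
        "$hosts_file"
}

# Succeed only if localhost is mapped and every mapping is a loopback address.
localhost_is_loopback() {
    addrs=$(localhost_addrs "$1")
    [ -n "$addrs" ] || return 1
    for a in $addrs; do
        case $a in
            127.*|::1) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# List regular files under a tree that carry any execute bit or are
# setuid/setgid. Scripts without an execute bit are not listed.
review_candidates() {
    dir=${1:-/usr/local}
    find "$dir" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \
           -o -perm -4000 -o -perm -2000 \) -print | sort
}

# Usage:
#   localhost_is_loopback /mnt/etc/hosts || localhost_addrs /mnt/etc/hosts
#   review_candidates /mnt/usr/local
```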



