[PLUG] Hacked?
Cliff Wells
cwells at commandprompt.com
Mon Jan 19 19:38:01 UTC 2004
Dan Haskell wrote:
>On Mon, 19 Jan 2004, Michael Montagne wrote:
>
>>But I'm not totally sure I've been compromised. The fact that all is
>>well after a reboot is encouraging. I think.
>
>Are you running PortSentry? If so, it may be a false positive:
>
>http://list.cobalt.com/pipermail/cobalt-users/2001-March/040590.html
>http://www.webhostgear.com/25.html
>
>Disclaimer: I know nothing about this, I just googled.
>
If a ping on localhost is returning anything other than 127.0.0.1 (as
the OP claimed) then he's been compromised. I would never trust that
machine again.

Follow the earlier advice and reinstall. Actually, if you're running
an older version of your distro, then you could probably get away with
an upgrade to a newer version and see the problem go away since most
likely the upgrade will replace every binary on your system. Then you
just have to check the stuff under /usr/local (and other places that
aren't typically used by the distro) for lingering binaries/scripts and
replace/remove them.
Cliff
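
The post-upgrade check of /usr/local described in the message above, sketched as an added example that is not part of the original post. The function name `audit_local` and the SETID/EXEC/SCRIPT labels are assumptions made for this illustration; run it as root so the execute test is not limited by your own permissions.

```shell
#!/bin/sh
# Added example: inventory what a distro upgrade would NOT have replaced.
# Lists every regular file under a tree (default /usr/local) that can run:
#   SETID   setuid or setgid bit is set (review these first)
#   EXEC    executable by the invoking user
#   SCRIPT  not executable, but starts with "#!" (can still be run via an
#           interpreter or sourced from another script)
# Output is "KIND<TAB>PATH", sorted, so it can be saved and diffed later.
# Filenames containing newlines are not handled.

audit_local() {
    find "${1:-/usr/local}" -type f -exec sh -c '
        for f do
            if [ -u "$f" ] || [ -g "$f" ]; then
                kind=SETID
            elif [ -x "$f" ]; then
                kind=EXEC
            else
                # Read only the first two bytes; od keeps binary data
                # from reaching the shell as raw bytes.
                magic=$(dd if="$f" bs=2 count=1 2>/dev/null |
                        od -An -c | tr -d " \n")
                if [ "$magic" = "#!" ]; then
                    kind=SCRIPT
                else
                    continue
                fi
            fi
            printf "%s\t%s\n" "$kind" "$f"
        done' sh {} + 2>/dev/null | sort
}

# Usage when run as a script: ./audit_local.sh /usr/local
if [ "$#" -gt 0 ]; then
    audit_local "$1"
fi
```

Anything in the output that you did not install yourself, or cannot account for, is a candidate for the replace/remove step.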