[PLUG] Got hacked last night - HELP!

Paul Johnson baloo at ursine.dyndns.org
Mon Oct 4 21:25:03 UTC 2004


<#secure method=pgp mode=sign>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Rasmussen <mikeraz at patch.com> writes:

> On Mon, Oct 04, 2004 at 04:23:42PM -0600, Bill Thoen wrote:
>> Well, lucky me. My RH 8 box got hacked again. That makes Linux just as 
>> insecure as Windows. The only visible damage (so far) was that my home web 
>> page got changed to "un-root crew ownz you."
>> 
>> What else should I check? At the very least how do I keep 63.164.60.12 out
>> of my SSH system?
>
> Unplug from the net
> configure IP tables
> get chkrootkit - http://www.chkrootkit.org/
> clean system

What do you mean "clean system?"  Once you're compromised, that's it!
It's reinstall time!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBYhKbUzgNqloQMwcRAsp9AKDKWB98MXQ5WVE7aM/Su8r9ghDjEwCgg87h
gtRDWeUJKGMfp6w/RQbJkyY=
=qXAz
-----END PGP SIGNATURE-----




More information about the PLUG mailing list