[PLUG] Got hacked last night - HELP!
Paul Johnson
baloo at ursine.dyndns.org
Mon Oct 4 21:25:03 UTC 2004
<#secure method=pgp mode=sign>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Rasmussen <mikeraz at patch.com> writes:
> On Mon, Oct 04, 2004 at 04:23:42PM -0600, Bill Thoen wrote:
>> Well, lucky me. My RH 8 box got hacked again. That makes Linux just as
>> insecure as Windows. The only visible damage (so far) was that my home web
>> page got changed to "un-root crew ownz you."
>>
>> What else should I check? At the very least how do I keep 63.164.60.12 out
>> of my SSH system?
>
> Unplug from the net
> configure IP tables
> get chkrootkit - http://www.chkrootkit.org/
> clean system
What do you mean "clean system?" Once you're compromised, that's it!
It's reinstall time!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBYhKbUzgNqloQMwcRAsp9AKDKWB98MXQ5WVE7aM/Su8r9ghDjEwCgg87h
gtRDWeUJKGMfp6w/RQbJkyY=
=qXAz
-----END PGP SIGNATURE-----
More information about the PLUG
mailing list