[PLUG] Got hacked last night - HELP!
alan
alan at clueserver.org
Wed Oct 6 22:35:03 UTC 2004
On Wed, 6 Oct 2004, Galen Seitz wrote:
> Russ Johnson <russj at dimstar.net> wrote:
>
> > Paul Johnson wrote:
> >
> > >So you've got a live CD that isn't going to use the kernel or binaries
> > >on the hard disk?
> > >
> > As a matter of fact, yes. The Mandrake CDs have a rescue mode that
> > runs completely from the CD. Then, specifying the path will ensure
> > that the binaries are running from the CD.
> >
> ditto for redhat
>
> > Not saying this is the correct thing to do, but it's possible.
> >
> > I'd probably just get the data I needed off the drive and nuke and
> > repave anyway. Otherwise, it's a long row to hoe and rebuilding the
> > system is usually faster.
>
> Agreed. It wouldn't be easy. "Learning experience" is probably the
> proper phrase.
Especially when you find a backdoor you missed.
Nuke and rebuild is the best answer.
There are few backdoors that can survive mkfs.
More information about the PLUG
mailing list