Re: Was I hacked?


Subject: Re: Was I hacked?
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Fri Aug 18 2000 - 16:30:45 MDT


>
>Looks like the possibility exists. It may be innocent but then again, it may be
>not. A good cracker would have left no trace at all so my guess would be kiddie
>with a rootkit.

Root kits are evil but fairly easy to find if you know what to look for.
Generally, 'ls' is replaced with a hacked version that hides the root kit
directories.
If you suspect you've been root kit'd I suggest reinstalling ls (or
building it from scratch).

Also, try using find to search for directories called "..."

Lastly, if you are hacked it is generally a good idea to reinstall. Assume
that your cracker has placed dozens of backdoors and password sniffers on
your system. You may find one of his goodies, but that certainly doesn't
mean that you've shut him/her down and out.

Regards,
Dan

Terra Soft Solutions, Inc.
  http://www.terrasoftsolutions.com/

  Yellow Dog Linux
  "The Ultimate Companion for a Dedicated Server"
  http://www.yellowdoglinux.com/

  Black Lab Linux
  Advanced Workstations, Parallel, and Embedded Solutions
  http://www.blacklablinux.com/
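
Added example, not part of the original message: a shell sketch of the two checks described in the reply above, searching for directories named "..." and cross-checking what `ls` reports against the shell's own globbing. It goes slightly beyond the message by also matching names made only of dots and spaces. The function names `find_odd_dirs` and `hidden_from_ls` are hypothetical, and the script assumes the shell, `find` and `grep` have not themselves been replaced.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes sh, find and grep are
# themselves trustworthy; function names are hypothetical.

# find_odd_dirs ROOT
# Print directories named "..." (or more dots), or made up only of dots and
# spaces such as ".. ", which blend in with "." and ".." in a listing.
# Returns grep's status: 0 if something was found, 1 if not.
find_odd_dirs() {
    find "$1" -xdev -type d -print 2>/dev/null |
        grep -E '/(\.{3,}|[. ]* [. ]*)$'
}

# hidden_from_ls DIR [LS_COMMAND]
# Print names in DIR that the shell's own globbing can see but that
# LS_COMMAND (default: ls) leaves out of its -a listing.
hidden_from_ls() {
    dir=$1
    ls_cmd=${2:-ls}
    listing=$("$ls_cmd" -1a "$dir")   # what the suspect binary admits to
    for path in "$dir"/* "$dir"/.*; do
        name=${path##*/}
        case $name in .|..) continue ;; esac
        # An unmatched glob stays literal; skip it.
        [ -e "$path" ] || [ -L "$path" ] || continue
        printf '%s\n' "$listing" | grep -qxF -- "$name" ||
            printf '%s\n' "$name"
    done
}

# Usage: sh check.sh /some/dir
if [ $# -gt 0 ]; then
    find_odd_dirs "$1"
    hidden_from_ls "$1"
fi
```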



This archive was generated by hypermail 2a24 : Thu Aug 17 2000 - 16:36:46 MDT