HELP, my Debian Server was hacked!
Hello List,
I hope this is not off topic:
My private server has been hacked:
Debian woody, 2.4.18bf2.4 kernel, apache-ssl, samba, squid.
Now my problem: the intruder used a rootkit, I think, because he deleted
/var/log, symlinked /root/.bash_history > /dev/null, etc.
Is there any way to recover the evidence, e.g. the /var/log/ directory?
(ext2)
And there are three sh processes running as root? Ptrace exploit?
How can I dump these processes to a file, to keep this evidence?
Thanks for help
--
Christian Koenning