Re: HELP, my Debian Server was hacked!

To: Christian K?nning <christian@koenning.org>
Cc: debian-security@lists.debian.org
Subject: Re: HELP, my Debian Server was hacked!
From: Dale Amon <amon@vnl.com>
Date: Tue, 22 Apr 2003 23:15:23 +0100
Message-id: <[🔎] 20030422221523.GD27915@vnl.com>
In-reply-to: <[🔎] 003b01c30901$66713ba0$237cfea9@liquix>
References: <[🔎] 003b01c30901$66713ba0$237cfea9@liquix>

On Tue, Apr 22, 2003 at 09:00:11PM +0200, Christian K?nning wrote:
> /var/log, symlinked /root/.bash_history > /dev/null, etc.
> Is there any way to recover the evidences, e.g. the /var/log/ directory?
> (ext2)

Examine your /dev/swap after following advice in other 
replies about making sure things are RO. You'll want to do a swapoff
to preserve the evidence right away. Best if you pull the ether cable
and work off a local console while you do any of this.

You'd be amazed what you can find in /dev/swap ;-)

Reply to:

References:
- HELP, my Debian Server was hacked!
  - From: Christian Könning <christian@koenning.org>

Prev by Date: Re: ptrace patch for vanilla kernel 2.4.20
Next by Date: Re: HELP, my Debian Server was hacked!
Previous by thread: Re: HELP, my Debian Server was hacked!
Next by thread: Re: HELP, my Debian Server was hacked!
Index(es):
- Date
- Thread