
Re: I've been cracked! (hamm, 2.0.35)



This is a bit off-topic.

"Raymond A. Ingles" wrote:

> On Sat, 13 Mar 1999, Don Erickson wrote:
>
> > Somebody (through jhb60.jaring.my) wandered into my system, set up a user
> > account for themselves and set up a couple of programs, eggdrop and smurf.
>

The address seems to indicate that the intruder originates from Malaysia.


>
>  Typically this is done by "script kiddies" who aren't particularly good
> computer users, but they take scripts written by other people and use them
> to break into systems.
>
>  Then they typically use a "rootkit" to get root access and replace files,
> just as you've seen. "ls" is usually the first one they hack. They
> also replace system daemons and so forth; probably there are now
> several backdoors into your system that don't use passwords at all. Check
> out www.rootshell.com, they have plenty of info and rootkits. They also
> have some information on securing your system.
>
>  At this point, you can't trust your system. You *might* be able to
> restore from your last complete backup, if you are *sure* you know when
> you were cracked. More likely, you'll have to save what data files you can
> and then reinstall from trusted media, like a CD-ROM. Obviously, don't do
> this while your machine is hooked to the net. Examine carefully any other
> machines yours is hooked up to, e.g. by Ethernet.
>
>  Don't put your system back on the net until you are reasonably confident
> you've closed the more common holes. Sorry, it sucks but that's the only
> way to be sure. If you want some revenge, you can try reporting to the
> sysadmins of the originating system, if you can actually identify it. :-/

You may want to reconsider this "revenge". In Malaysia, there is this legislation
(Computer Crimes Act 1997), which I consider absolutely draconian, and the intruder, if
convicted, is liable to either a fine (< RM50,000) or to imprisonment (< 5 years) or
to both. Alternatively, the intruder could also be charged under a different section
in the same Act which carries a heavier penalty.


