Re: Server hacked - next...?
On Sun, 29 Jun 2003 15:00, Jason Lim wrote:
> One of our servers was hacked (woody)... badly, from what I can see. A
From the ps output it appears that the hack originated from the web server or
a CGI-BIN script it ran.
As they ran modprobe I guess they got root. :(
The recommended method is to backup configuration files and data and reinstall
the machine from scratch.
Fighting off a hacker who is already in your machine as root is difficult.
Doing it properly is more difficult than preventing them cracking your
machine in the first place.
Best to reinstall.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: