Re: Server hacked - next...?
On Sun, 29 Jun 2003 15:00, Jason Lim wrote:
> One of our servers was hacked (woody)... badly, from what I can see. A
From the ps output it appears that the hack originated from the web server or
a CGI-BIN script it ran.
As they ran modprobe I guess they got root. :(
The recommended method is to back up configuration files and data and reinstall
the machine from scratch.
Fighting off a hacker who is already in your machine as root is difficult.
Doing it properly is more difficult than preventing them cracking your
machine in the first place.
Best to reinstall.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page