Re: Am I Compromised -- Some interesting findings

To: debian-isp@lists.debian.org
Subject: Re: Am I Compromised -- Some interesting findings
From: Ritesh Raj Sarraf <rrs@researchut.com>
Date: Fri, 25 Nov 2005 23:04:06 +0530
Message-id: <[🔎] dm7hun$50a$1@sea.gmane.org>
References: <[🔎] dm7eu1$rj6$1@sea.gmane.org> <[🔎] 438743BD.3080203@co.com.mx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

alex on Friday 25 Nov 2005 22:32 wrote:

> This is a very good analysis and you did a good job at it. But there
> is no future for your server. Right now what you need to do is kill
> it, boot with a boot disk, save all data and configs not without
> checking exactly what youre saving, find out how where you cracked (go
> forensic on your server), reinstall it in a box with a better security
> setup (since the one youre talking about was obviously vulnerable)...

The biggest pain is that these servers are at a remote location and I don't
think my client can afford my physical visit to the site. In simple it
looks like I'll have to do a clean install again.

Regards,

rrs
- -- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
research."
"Necessity is the mother of invention."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDh0sO4Rhi6gTxMLwRAja5AJ0Wu4OTkUp1DmQF0YZE/1sVbFOllgCggzdZ
/9X3WVbtp44MXQFcI9nXQ0M=
=cx1M
-----END PGP SIGNATURE-----

Reply to:

References:
- Am I Compromised -- Some interesting findings
  - From: Ritesh Raj Sarraf <rrs@researchut.com>
- Re: Am I Compromised -- Some interesting findings
  - From: alex <alex@co.com.mx>

Prev by Date: Re: Am I compromised
Next by Date: Re: Am I compromised
Previous by thread: Re: Am I Compromised -- Some interesting findings
Next by thread: *****VIRUS***** von Ritesh Raj Sarraf <rrs@researchut.com>
Index(es):
- Date
- Thread