Re: we were attacked

To: debian-isp@lists.debian.org
Subject: Re: we were attacked
From: Shane Chrisp <shane@2000cn.com.au>
Date: Tue, 11 Apr 2006 10:12:00 +0800
Message-id: <[🔎] 200604111012.00557.shane@2000cn.com.au>
In-reply-to: <[🔎] 443B037A.3040606@tau.org.ar>
References: <[🔎] 44367C04.6030609@tau.org.ar> <[🔎] 20060409005708.GA5147@io.pong.be> <[🔎] 443B037A.3040606@tau.org.ar>

On Tuesday 11 April 2006 09:16, danilo lujambio wrote:
> thanks for all of the answers. I am not a sysadmin, only a person with
> experience in linux and we work in a non for profit organization ,
> because of that, we don't have resources to pay a good sys admin :-) .
> All the mails for you , tought me something.
> Today finally we are in serious problem. The sintom was that web server
> answer with 403 forbidden and we couldn't login with ssh . After an hour
> of working  we found that log of sshd told  login_get_lastlog couldn't
> find user id ..... . Now I just found that we have a / directory
> changed to mode 700 and tmp directory to 1700

Reinstall time would be the safest choice here if your not that skilled. Even 
a skilled admin will generally opt to reinstall the box at this point after 
duplicating the drive or replacing it so they can analyze it later. Good luck 
though.

Shane

Reply to:

Follow-Ups:
- Re: we were attacked
  - From: "Ozgur Karatas" <ozgur@ozgurkaratas.com>
- Re: we were attacked
  - From: Andrew Miehs <andrew@2sheds.de>

References:
- we were attacked
  - From: danilo lujambio <danilo@tau.org.ar>
- Re: we were attacked
  - From: Ward Vandewege <ward@pong.be>
- Re: we were attacked
  - From: danilo lujambio <danilo@tau.org.ar>

Prev by Date: Re: we were attacked
Next by Date: Re: we were attacked
Previous by thread: Re: we were attacked
Next by thread: Re: we were attacked
Index(es):
- Date
- Thread