[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: we were attacked

On Tuesday 11 April 2006 09:16, danilo lujambio wrote:
> thanks for all of the answers. I am not a sysadmin, only a person with
> experience in linux and we work in a non for profit organization ,
> because of that, we don't have resources to pay a good sys admin :-) .
> All the mails for you , tought me something.
> Today finally we are in serious problem. The sintom was that web server
> answer with 403 forbidden and we couldn't login with ssh . After an hour
> of working  we found that log of sshd told  login_get_lastlog couldn't
> find user id ..... . Now I just found that we have a / directory
> changed to mode 700 and tmp directory to 1700

Reinstall time would be the safest choice here if your not that skilled. Even 
a skilled admin will generally opt to reinstall the box at this point after 
duplicating the drive or replacing it so they can analyze it later. Good luck 


Reply to: