[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: I've been hacked by DevilSoul



hi alan

where are you ???

if in silicon valley...
you can be back online within 1hr or so...
( assuming you have data-only backed up prior to the hacker getting
( into your box..

if the [h/cr]acker didnt "rm -rf /" your machine..you're still online..
- maybe just sniffing your passwds ???
- maybe using it to hack other boxes ??

- you need to see what its doing... and than prevent that from
  happening on oyour next install

- if you think they used a simple/ordinary rootkits... you can 
  try some of the rootkit detectors

	http://www.chkrootkit.org/

	http://www.blackcode.com/scan 
	( scans your machine - or used to scan for rootkits/trojans )

otherwise..
	http://www.Linux-Sec.net/Tracking

have fun
alvin
http://www.Linux-Sec.net/


On Thu, 10 Jan 2002, Alan Aldrich wrote:

> 
> Not sure what all it did, but really played havoc with SSH and some other networking components and is keeping my aventail authentication server from honoring socks requests.
> Can someone help undo whatever it did or point me to a site that covers it? I need to get this server back online quick
> Thanks
> alan
> 
> 



Reply to: