[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: I've been hacked by DevilSoul

On Fri, 2002-01-11 at 05:02, Alan Aldrich wrote:
> Not sure what all it did, but really played havoc with SSH and some other networking components and is keeping my aventail authentication server from honoring socks requests.
> Can someone help undo whatever it did or point me to a site that covers it? I need to get this server back online quick

Just making sure for you: do *not* restore binary files from backup,
only data (text?) files and any /etc/-files you can't recreate from your

We had an incident where we suspected a break-in on one server.
Reinstalling all our 7 highly intertwined Debian servers from scratch
took less than a week. Just get email up first, then install apache, or
what you are providing, restore your htdocs and then fiddle with getting
your system right.

Try to use as possible of Debian plain installation configurations, they
are usually quite well thought through :)

Did you use potato or woody? I would be nice for the rest of us to have
some clue on what might have happened. It might no be trivial ( ie. a
stolen password or an old version of SSH.)
Lars Bahner,

Nihil est sine ratione cur potius sit, quam non sit.

Attachment: pgpTxim862fkL.pgp
Description: PGP signature

Reply to: