[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: I've been hacked by DevilSoul

Thanks to all who responded.
The DevilSoul rootkit was a nasty one which planted a man-in-the-middle
attack on my debian linux box. Apparently I was not secure enough or
watchful enough , as the intruder was able to install a kit on my root drive
which installed new versions of telnetd, passwd, ifconfig, ps, top, ssh, and
started evesdropping on my ssh and authentication logins.
Of course I took it off the net and had to rebuild the whole system, and now
I am not allowing ssh, rsh, telnet or ANY logins. It is not a machine that
needs logins anyway, all it does is VPN proxy and authentication on certain
ports. Anyway.. watch out for it. It puts a directory with all of the setup
programs in /dvsrk

Thanks again all


Reply to: