Re: Have I been hacked?

["Halil Demirezen" <halild@bilmuh.ege.edu.tr>]

Maybe, I can add my comments here.

recently, a kernel bug exploited and linux kernel developers patched it 
already. ptrace-kmod exploit. A local user can run suid shell with just 
using an exploit. Maybe hacking -- if there is-- may be done via this too.

But, according to me too, backups are good evidences and they are the way 
of saving your data..

sincerely.

> hmmm kernel ?
> 
> now you can start your (re)search
> 
> I don't think you'll find a lot in your logfiles because the are 
> "cleaned" anyway....
> 
> grtnx,
>          Robbert Helling.
> 
> At 17:26 7-5-2003, you wrote:
> 
> >         Check the shell history file of team1 user...
> >         if exists
> >
> >
> >On (07/05/03 14:51), Ian Goodall wrote:
> > > I am running a debian woody server and when I checked the last users
> > > yesterday I a large number of logins in the list. On running the 
command
> > > today I get the following:
> > >
> > > dev1:/home/ian# last
> > > ian      pts/0        172.16.3.195     Wed May  7 14:49   still 
logged in
> > > team1    pts/0        blue99.ex.ac.uk  Wed May  7 13:21 - 13:57  
(00:35)
> > >
> > > I have run chkrootkit but nothing was found.
> > >
> > > I have never had this before. Am I being paranoid or is someone 
trying to
> > > cover up their tracks?
> > >
> > > Thanks
> > >
> > > ijg0
> > >
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact 
> > listmaster@lists.debian.org
> > >
> > >
> >
> >--
> >Bueno, Felippe
> ><bueno@hal.vu>
> >
> >
> >--
> >To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> >with a subject of "unsubscribe". Trouble? Contact 
listmaster@lists.debian.org
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 
listmaster@lists.debian.org