Re: Have I been hacked?
Maybe I can add my comments here.
Recently, a kernel bug was exploited and the Linux kernel developers have
already patched it: the ptrace-kmod exploit. A local user can run a suid shell
just by using an exploit. Maybe the hacking -- if there is any -- may have been
done via this too. But, in my opinion too, backups are good evidence and they
are the way of saving your data.
Sincerely.
> hmmm kernel ?
>
> now you can start your (re)search
>
> I don't think you'll find a lot in your logfiles because they are
> "cleaned" anyway....
>
> grtnx,
> Robbert Helling.
>
> At 17:26 7-5-2003, you wrote:
>
> > Check the shell history file of team1 user...
> > if exists
> >
> >
> >On (07/05/03 14:51), Ian Goodall wrote:
> > > I am running a Debian woody server and when I checked the last users
> > > yesterday I saw a large number of logins in the list. On running the
> > > command today I get the following:
> > >
> > > dev1:/home/ian# last
> > > ian pts/0 172.16.3.195 Wed May 7 14:49 still logged in
> > > team1 pts/0 blue99.ex.ac.uk Wed May 7 13:21 - 13:57 (00:35)
> > >
> > > I have run chkrootkit but nothing was found.
> > >
> > > I have never had this before. Am I being paranoid or is someone trying to
> > > cover up their tracks?
> > >
> > > Thanks
> > >
> > > ijg0
> > >
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> > >
> > >
> >
> >--
> >Bueno, Felippe
> ><bueno@hal.vu>
> >
> >