[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a compromised machine

Christoph Haas wrote:
> On Sun, Jul 24, 2005 at 09:54:28AM +0200, Nejc Novak wrote:
> It should be rather easy finding signs of weird accesses like %20 or
> chr(). Also look for weird signs in /tmp.
> If your server is important you should consider reinstalling.

I'd urge you to spend the time necessary to see if you can identify how
the attacker broke in. Otherwise you will find that after reinstalling,
the attack will occur again. As Christoph mentioned, the logs are a good
place to start.

Geoff Crompton

Reply to: