Re: a compromised machine

To: debian-security@lists.debian.org
Cc: debian-security@lists.debian.org
Subject: Re: a compromised machine
From: Geoff Crompton <geoff.crompton@strategicdata.com.au>
Date: Sun, 24 Jul 2005 21:57:37 +1000
Message-id: <[🔎] 42E38231.8080701@strategicdata.com.au>
In-reply-to: <[🔎] 20050724111925.GA30518@torf.workaround.org>
References: <[🔎] 42E34934.7080604@soncek.biz> <[🔎] 20050724111925.GA30518@torf.workaround.org>

Christoph Haas wrote:
> On Sun, Jul 24, 2005 at 09:54:28AM +0200, Nejc Novak wrote:
> It should be rather easy finding signs of weird accesses like %20 or
> chr(). Also look for weird signs in /tmp.
> 
> If your server is important you should consider reinstalling.

I'd urge you to spend the time necessary to see if you can identify how
the attacker broke in. Otherwise you will find that after reinstalling,
the attack will occur again. As Christoph mentioned, the logs are a good
place to start.

Geoff Crompton

Reply to:

References:
- a compromised machine
  - From: Nejc Novak <nejc@soncek.biz>
- Re: a compromised machine
  - From: Christoph Haas <email@christoph-haas.de>

Prev by Date: Re: a compromised machine
Next by Date: Re: Addressing the recent zlib issue
Previous by thread: Re: a compromised machine
Next by thread: Re: a compromised machine
Index(es):
- Date
- Thread