I've been cracked! (hamm, 2.0.35)
Somebody (through jhb60.jaring.my) wandered into my system, set up a user
account for themselves and set up a couple of programs, eggdrop and smurf.
I've not been using encrypted passwords. I understand that there are ways
to derive the "salt" that the passwd file uses?
Anyway, this person hid a few files in some interesting places and even
replaced my syslogd. Now, when I say "hid a few files", there are files
that simply don't show up by ls. You can manipulate them but you can't
see them unless you ls the entire path. For example,
$ ls /usr/lib/fms
returns
/usr/lib/fms
but
$ cd /usr/lib;ls fms
returns nothing.
I have no idea how many files or directories might be hidden this way, nor
how I can find out. I've obviously changed passwords and disabled
everything "foreign" that I can find. Any suggestions as to what I should
be doing about this?
Any help appreciated.
-Don Erickson
--
.sig lite
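
Added example, not part of the original post: one way to enumerate entries that ls leaves out is to compare what the ls binary prints with what the kernel's directory read returns (here through Python's os.scandir). It assumes the hiding is done by a replaced ls binary, which the post does not confirm, and that the interpreter running it is trusted; hidden_entries, ls_view and the /bin/ls default are names chosen for this example.

```python
import os
import subprocess
import tempfile


def ls_view(directory, ls_path="/bin/ls"):
    """Names the (possibly replaced) ls binary is willing to show."""
    out = subprocess.run([ls_path, "-A", "-1", "--", directory],
                         capture_output=True, check=True).stdout
    # A file name containing a newline is split here and shows up as a
    # false positive, which is still worth a manual look.
    return {os.fsdecode(name) for name in out.split(b"\n") if name}


def hidden_entries(root, lister=ls_view):
    """Walk root and return [(directory, [names])] for every directory where
    the lister omits names that the directory-reading syscall reports."""
    findings, stack = [], [root]
    while stack:
        d = stack.pop()
        try:
            entries = list(os.scandir(d))   # read via syscall, no ls involved
            shown = lister(d)
        except (OSError, subprocess.SubprocessError):
            continue                        # unreadable directory or ls failed
        missing = sorted({e.name for e in entries} - shown)
        if missing:
            findings.append((d, missing))
        # Descend into real subdirectories only, never through symlinks.
        stack.extend(e.path for e in entries if e.is_dir(follow_symlinks=False))
    return findings


def demo():
    """Constructed sample: a temporary tree and a stand-in lister that
    filters the name 'fms', mimicking the behaviour described in the post."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib", "fms"))
        open(os.path.join(root, "lib", "libc.so"), "w").close()

        def filtering_ls(d):
            return {e.name for e in os.scandir(d)} - {"fms"}

        return [(os.path.relpath(d, root), names)
                for d, names in hidden_entries(root, filtering_ls)]


if __name__ == "__main__":
    print(demo())
```

An empty result only means ls and the directory syscall agree; hiding done inside the kernel would look identical from both sides, so the same walk is more trustworthy when the disk is mounted from known-good boot media.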