Re: Somebody is hacking me; what to do?
On Fri, Nov 12, 1999 at 05:39:01PM -0500, Kevin Heath wrote:
>[...]
> I'm probably forgeting lots of things.
Yup--you should probably first install the debsums package to see
what files don't match their original checksum:
"debsums -sa 2>&1 |tee -a dubsum.log"
Also, make sure root's .profile, .bash_profile, .cshrc, etc. don't
have and malicious commands and have reasonable PATH's and umask's
Also check root's crontab, .forward, and .procmailrc's, and
"/etc/cron.*/*"'s.
You should actually do the same for your user account as well--since
a password grabber might be set-up to try and catch you su'ing.
HTH,
-Kevin
Reply to: