Re: Somebody is hacking me; what to do?

To: Daniel@eng.uct.ac.za
Cc: debian-user@lists.debian.org
Subject: Re: Somebody is hacking me; what to do?
From: Kevin Heath <kevh@cgocable.net>
Date: Fri, 12 Nov 1999 18:17:37 -0500
Message-id: <[🔎] 19991112181737.A15943@cgocable.net>
In-reply-to: <[🔎] 19991112173900.A15465@cgocable.net>; from kevh@cgocable.net on Fri, Nov 12, 1999 at 05:39:01PM -0500
References: <[🔎] Pine.LNX.4.05.9911122115550.295-100000@vitasat.ee.uct.ac.za> <[🔎] 19991112173900.A15465@cgocable.net>

On Fri, Nov 12, 1999 at 05:39:01PM -0500, Kevin Heath wrote:
>[...]
> I'm probably forgeting lots of things.

Yup--you should probably first install the debsums package to see
what files don't match their original checksum:

"debsums -sa 2>&1 |tee -a dubsum.log"

Also, make sure root's .profile, .bash_profile, .cshrc, etc. don't
have and malicious commands and have reasonable PATH's and umask's

Also check root's crontab, .forward, and .procmailrc's, and
"/etc/cron.*/*"'s.

You should actually do the same for your user account as well--since
a password grabber might be set-up to try and catch you su'ing.

HTH,
-Kevin

Reply to:

Follow-Ups:
- Re: Somebody is hacking me; what to do?
  - From: "Christopher S. Swingley" <cswingle@iarc.uaf.edu>

References:
- Somebody is hacking me; what to do?
  - From: Daniel Mashao <daniel@vitasat.ee.uct.ac.za>
- Re: Somebody is hacking me; what to do?
  - From: Kevin Heath <kevh@cgocable.net>

Prev by Date: FW: networking options
Next by Date: Re: Somebody is hacking me; what to do?
Previous by thread: Re: Somebody is hacking me; what to do?
Next by thread: Re: Somebody is hacking me; what to do?
Index(es):
- Date
- Thread