Re: hacked, then intrusion detection system
mgriffa writes:
> I just realized that someone entered my debian box with cablemodem. I
> couldn't find anything in the logs,...
Thereby demonstrating that the author of the script your script-kiddie used
is not incompetent.
> ...but the pump package was deleted.
Why do you consider this proof that you were cracked?
> I'd like to hear about any advices...
If you really were cracked (that's _cracked_, not hacked) you must
reinstall _immediately_. It is impossible to clean up safely after a
break-in. You must also install all security updates and keep them up to
date.
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin
Reply to: