Re: hacked, then intrusion detection system
On 3 Feb 2001, John Hasler wrote:
> mgriffa writes:
> > I just realized that someone entered my debian box with cablemodem. I
> > couldn't find anything in the logs,...
>
> Thereby demonstrating that the author of the script your script-kiddie used
> is not incompetent.
>
> > ...but the pump package was deleted.
>
> Why do you consider this proof that you were cracked?
Physically, no one but me has access to the machine.
And some suspicious entries on the log took place while I was sleeping.
> > I'd like to hear about any advice...
>
> If you really were cracked (that's _cracked_, not hacked) you must
> reinstall _immediately_. It is impossible to clean up safely after a
> break-in. You must also install all security updates and keep them up to
> date.
Is there any way to fully re-install the system from inside? Like apt-get
...... ?