
Re: debian 2.0: some intruder broke in

On Thu, 2003-03-20 at 15:27, Jan Andrzej wrote:
> Some intruder broke in (cracked in) debian 2.0
> system.
> Now I can use it but I cannot shut down the system
> (when I type shutdown -h now or shutdown -r now I get
> the following message: (bad, not nice word) While
> hacking kernel...
> and the system is not going to shut down. I used the
> button 'reset'
> to exit the system.
> The following directories are empty 
> /etc/init.d
> /var/log
> And maybe more.
> I can use dselect to install again the basic system
> and so on
> but I found only /dists/debian2.2 but not
> /dists/debian2.0
> I think I cannot upgrade the system to debian2.2
> because it's broken
> but probably I could install the removed packages.
> I have installed many programs in the system and they
> seem to
> work so it would be nice not to install everything
> from scratch.
> Could someone please help me?

If the intruder was able to clean /etc/init.d and /var/log that means he
had root rights.  Thus he might have modified any other packages and/or
installed some backdoor to gain access to your system any time he wants
to.  It is far more work (if not impossible) to check your whole system;
the only thing you can do is back up your data, hoping that nothing
got destroyed, do an fdisk and reinstall everything.  If possible
you should upgrade to the current stable (3.0 "woody"), and not install
some *really* outdated version of Debian.

Aaron Isotton                                 [ http://www.isotton.com ]
Modesty is a vastly overrated virtue.
		-- J.K. Galbraith
