When asking on #debian, a user suggested that I check my logs to see if I had been hacked. I found in /var/logs/auth.log that the command `su` had been run to switch from user `root` to user `nobody` at 3:35 this morning, a time when I was not connected to the internet (I use ppp to connect through my modem). My second question: any idea what might have done this? (obviously, I'd like to avoid a reinstall)
(I can't seem to find any cronjob that would be doing this, but it would help if you had any suggestions)
please cc: me as I am not subscribed to this high-volume mailing list -- I usually have a GPG digital signature included as an attachment. If you don't know what it is, either ignore it or visit www.gnupg.org My PGP key was last signed 6/10/2003 please download my key again if it is more recent than your copy. If you use GPG, *please* talk to me to sign it. The key is keyID E2B2CAD1 on pgp.mit.edu
Attachment:
pgpEaviGiyqpO.pgp
Description: PGP signature