
Re: is this result of keylogger? am i hacked?


On 07/21/2010 06:45 PM, Chris Davies wrote:

> For breakage of something as significant as /etc/shells, I'd prioritise
> investigations in that order. Memtest86+ is a no-brainer, so let it
> test your machine. Are you using a kernel that's got known issues with
> whatever filesystem you are using for /etc? (Have you looked?)

I will do the checks today; I just need to buy a CD-ROM first. I will report memtest86+, fsck and chkrootkit results this evening. The kernel is the current squeeze kernel. The filesystem is ext3. AFAIK ext3 is quite stable now.

Today I additionally found hidden files in /etc

.passwd.swn and similar .p.*

file tells that they are vim swap files, but inside they also contain keyboard logs (among other data).

> What was the outcome of your investigation into the previous situation?

The previous situation happened on the provider's virtual hosting, so I cannot do a lot. Performed nmap from outside, chkrootkit from inside with no results.

