Re: Have I been hacked?
Hi guys,
I am afraid my happiness was short lived. To test if the deletion of the file
(and the effects thereof) would be permanent I rebooted the system and
consequently found another file (same size, same random lettering) booted up
with everything else. :( ... The culprit is well hidden and regenerates itself
...
I did "file -k", "grep -ir" and most of the other things you guys suggested, but
nothing showed up. I am now going through the "after-compromise" chapter as one
of you suggested.
I will run "sleuthkit" and report if anything is found. However, I am afraid a
backup and re-installation is on the horizon for me ...... sigh .....
Can I make the "/etc/init.d" directory readable only with the contents thereof
still executable ... untill I can properly back-up and install everything again?
... or maybe some other short term solution ...
Thank You
Danny
Reply to: