Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

this don't look good



AAAAAHHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!!!!!!!!

oh god....

Thanks for the advice... looks like I've got a big job ahead of me...

On Wed, 2006-01-25 at 08:02 -0500, Christopher Schmidt wrote:
> On Wed, Jan 25, 2006 at 07:45:56AM -0500, Stephen Adler wrote:
> > guess what..... I've just issued a last -a on my PC and look what came
> > up... a bunch of people have broken into my root account. Any
> > suggestions as to how I should proceed?
> 
> Format the drive. Reinstall. Restore from backups.
> 
> (That would be ideal, anyway.)
> 
> I'm presuming this is a system you can't just take off the net / turn
> off ssh. If it is such a system, do that now. Next, start killing all
> those processes: they look like they're probably attempting to crack
> other machines. 
> 
> Assuming it needs to stay on the net, and ssh needs to stay open, block
> root logins. sshd_config: PermitRootLogin no . This won't stop them for
> long, most likely, but it might get you a little farther.
> 
> How soon can you get the data here off to another machine, and format
> this one? That should be the first priority: If it needs to be slightly
> longer than is absolutely neccesary, do the above steps first.
> 
> In my limited experience with this, the (cr|h)acker replaced most of
> /bin/ with versions that were compromised and behaved oddly (although I
> didn't take the time to investigate what was different about them).
> 
> In case you didn't get the message yet, you need to reformat and
> reinstall if you want any hope of using the box with any confidence of
> security or protection again.
> 





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org