[BLU] Help... I've been hacked!

Scott Lanning slanning at buphy.bu.edu
Tue Mar 27 12:33:53 EST 2001


On Tue, 27 Mar 2001, David Kramer wrote:
>Take this advice from one who learned the hard way.  You need to reformat
>the hard drive and start over.  You have no idea what files were left
>behind or altered.  As Sigourney Weaver says, "Nuke 'em from orbit.  It's
>the only way to be sure".  It's sad, it's a lot of work, but they almost
>always leave hidden ways back into your system.
>
>You may want to copy off some text-only files (config, mail, cron, web
>content) from your system before doing that, but make sure they're clean.

I had to re-install this weekend. I'd forgotten to put iptables back
after rebooting, and someone was trying to exploit some portmap
vulnerability (yeah, I'd forgotten to shut down portmap too).
I had no evidence that they actually had compromised the system,
but I still re-installed. It's rough after you've spent several
months configuring everything, especially when you forget to copy
certain configuration files (pine, emacs, etc.).
