removing a Linux Keylogger
Grant M.
grant at neonedge.com
Wed Jul 27 10:57:31 EDT 2005
Bob BLU wrote:
> I'm also curious to see if either of these root kit checkers picked it up...
FYI -
I tried both rkhunter and chkrootkit, and neither detected
anything. After some consideration, I believe that my machine was not
the one that was compromised, but rather that some other machine that I
logged into my machine _from_ had the keylogger. The evidence indicates
that the nefarious person(s) had my username & password, but perhaps had
not ever logged into my machine. As I stated earlier, this machine only
had 2 accounts on it, and neither had guessable passwords (and the
account that wasn't root was 'grant', which I would guess is an unlikely
login for any machine to waste a brute-force on).
The concern here is that I am regularly logging into this machine
from other machines around the world, and I will have to continue to do
so. I think my only choice here is an incredibly unprivileged account
that can still get access to what I need off of my machine or to put
files onto my machine. It will make things a royal pain to deal with,
but I think it's my only real option.
-=Grant M=-