It was. Someone hacked the postgresl account. rm'd /usr/bin/named for
some reason. And copied loadsa scan/trojan stuff into the account. I have
the IP of the person who connected. What should be the next step? I assume
that IP was prolly hacked as well. The IP does not have a dns entry and
strobes show it as a UNIX box. A nohup.out also shows a scanned network..
I'm gonna have to nuke the box (trojan worries) but want all needed data
first. This has happened to a few UL machines now.. ho hum..
Damian O'Sullivan Tel:087-2241456 damian at linux.ie
I think I will be more decisive...
On Sun, 5 Mar 2000, Damian O'Sullivan wrote:
>> Anyone know if this looks like a hack attempt??
>