Re: [ILUG] strange output

From: Rick Moen (rick at domain linuxmafia.com)
Date: Thu 18 Oct 2001 - 14:50:44 IST


begin Chris Boyd quotation:

> Can't figure out what that's all about. It looks like a dodgy directory but
> doesn't say that it's a dir or a file. Anyone know?

It's pretty much a dead certainty that your box was cracked. Sometimes,
it's not even anything _you_ (the box's admin) did wrong, but rather
a user indulging the near-universal habit of using the same password
on multiple machines, or who merely ssh'd into your box from a
compromised machine whose ssh client captured his authentication info.

You'll need to reinstall from trusted master media, retaining data files
but not executables from the existing system, and recreating the machine
state from your existing configuration files (e.g., /etc/*) only with
extreme caution.

Consider using a host-based intrusion-detection system (e.g., AIDE or
Tripwire) on the rebuilt system.

-- 
Cheers,      "Transported to a surreal landscape, a young girl kills the first
Rick Moen     woman she meets, and then teams up with three complete strangers
rick at domain linuxmafia.com       to kill again."  -- Rick Polito's That TV Guy column,
              describing the movie _The Wizard of Oz_
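
The "retain data files but not executables" step above, as an added example that is not part of the original post: a Python sketch that audits a retained data tree and flags anything that is not plain data before it is copied to the rebuilt system. The function names (`classify`, `audit_tree`, `build_sample`) and the sample tree are hypothetical and constructed for illustration.

```python
import os
import stat

ELF_MAGIC = b"\x7fELF"

def classify(path):
    """Return the reasons a file must not be restored as 'data' (empty list = plain data)."""
    st = os.lstat(path)                      # lstat: never follow symlinks
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]                   # target may be a binary outside the tree
    if not stat.S_ISREG(st.st_mode):
        return ["special file"]              # device node, FIFO or socket
    reasons = []
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("setuid/setgid")
    if st.st_mode & 0o111:
        reasons.append("exec bit")
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return reasons + ["unreadable"]
    if head == ELF_MAGIC:
        reasons.append("ELF binary")         # executable content even without the exec bit
    elif head[:2] == b"#!":
        reasons.append("script")
    return reasons

def audit_tree(root):
    """Map relative path -> reasons, for every entry under root that is not plain data."""
    flagged = {}
    for dirpath, dirnames, filenames in os.walk(root):   # followlinks defaults to False
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

def build_sample(root):
    """Constructed sample of a retained home directory (not from the original post)."""
    samples = {"notes.txt": (b"meeting at 10\n", 0o644),
               "bin/tool": (ELF_MAGIC + b"\x02\x01\x01\x00", 0o755),
               "mail/.hidden": (ELF_MAGIC + b"\x02\x01\x01\x00", 0o644),
               "cron.sh": (b"#!/bin/sh\necho hi\n", 0o644)}
    for rel, (data, mode) in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
        os.chmod(full, mode)
```

Run it against the old disk mounted read-only with `noexec,nosuid`; flagged entries are candidates for exclusion or manual review, and an empty result does not prove the remaining data is harmless.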

