I think my server has been hacked
Jonathan Hutchins
hutchins at tarcanfel.org
Mon Feb 16 19:09:19 CST 2004
The thing is that if you have been hacked, and you're not absolutely positive
what might have been changed, you run the chance of executing some command in
the future that re-opens the back door.
Unless you run something like Tripwire that will tell you exactly what files
were changed, you're better off with a wiped disk and a reinstall.
(I know you built a new server in this case, so when you're done playing with
the hacked box just be sure to snuff it.)
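
What a Tripwire-style check does, as an added example that is not part of the original post: record hashes and permissions while the system is known good, then diff the current state against that baseline. The function names and the sample tree are constructed for illustration, and this is not Tripwire's own code or database format. It assumes the baseline is stored somewhere the intruder could not have rewritten.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, mode, uid, gid)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices and sockets
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root)
            result[rel] = (h.hexdigest(), stat.S_IMODE(st.st_mode),
                           st.st_uid, st.st_gid)
    return result

def compare(baseline, current):
    """Report files added, removed, or changed in content or metadata."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree: baseline it, alter it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in (("bin/ls", b"ls v1"), ("bin/ps", b"ps v1"), ("motd", b"hi")):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "bin/ls"), "wb") as f:
            f.write(b"ls replaced")                      # content changed
        os.chmod(os.path.join(root, "bin/ps"), 0o755)    # mode changed, same bytes
        os.remove(os.path.join(root, "motd"))            # file removed
        with open(os.path.join(root, "bin/.hidden"), "wb") as f:
            f.write(b"new file")                         # file added
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The `bin/ps` case keeps identical bytes and changes only its mode, which a hash-only comparison would not report.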