I think my server has been hacked
Brian Densmore
DensmoreB at ctbsonline.com
Mon Feb 16 20:40:00 CST 2004
I'll try to keep good notes. If I find anything useful in my
search or can come up with enough in my search that I could
make a presentation out of, I'll do an open office presentation out of it.
I'll also do one on what I'm doing to build a debian secure busybox server.
The new server is going to have this configuration if I can make it all work
sshd
apache-ssl+php
exim+courier-imap+pop3+squirrelmail over ssl
virtual hosting
possibly mysql or postgresql (not sure I really want this on a web/mail server)
My old system used postfix and a different webmail interface and no imap or pop.
>-----Original Message-----
> From: Garrett Goebel
> Sent: Monday, February 16, 2004 12:56 PM
> To: Brian Densmore; Kclug
> Subject: RE: I think my server has been hacked
>
>
> This would make an excellent presentation.
> --
> Garrett Goebel
>> -----Original Message-----
>> From: owner-kclug at kclug.org [mailto:owner-kclug at kclug.org]On Behalf Of
>> Brian Densmore
>> Sent: Monday, February 16, 2004 12:18 PM
>> To: Kclug
>> Subject: RE: I think my server has been hacked [x-adr]
>>
>>
>> (this is a repost as the original never seems to have made it
>> through.)
>>
>> Well in the initial analysis I was rooted about 3am on the
>> 8th. The cracker installed at the least the shv5 rootkit.
<snip>
More information about the Kclug
mailing list