Chris Mauritz wrote:
Lots of good advice. I'd also check for rootkits. There are a couple of "rootkit checkers" available. You just download the source and compile/execute them. I've used this one with some success to de-louse a friend's game server:
That would be a very dumb rootkit if one was installed on the server, as the offending processes could be found with "ps" and "ls" showed the directory and the files in there. Yes, one can never know *if* a rootkit was installed, but I don't think so in this case.
But as always: If possible - rebuild the machine from scratch. If you cannot do that, *monitor* the machine closely for suspect traffic. If possible from another clean machine on the same network.
It's also a good practice to disconnect a suspect machine from the net and do your hacking from the console if you suspect it's been burgled. That way, it's not actively hosing other people while you're troubleshooting the problem.
Yes.
That is...unless you've got the skills to track the burglar back to their hideout.....
Which probably is just another cracked machine. The last time I did that the tracks got lost somewhere in Malaysia.
Ralph