[CentOS] I've been hacked -- what should I do next?
John R Pierce
pierce at hogranch.comFri Dec 1 06:12:13 UTC 2006
- Previous message: [CentOS] I've been hacked -- what should I do next?
- Next message: [CentOS] I've been hacked -- what should I do next?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alfred von Campe wrote: > My home system has been hacked. It's running CentOS 4.4, and I > recently added an account to play around with Samba shares to back up > PCs here at home. I had set a weak password for that account and > forgot to disable it after my testing. I could hear the disk being > accessed constantly, so I knew something was up. I disabled the port > forwarding to my CentOS box on my Linksys router (only ports 22 and 80 > were being forwarded). if for sure only 22 and 80 were forwarded, then it wasn't Samba. There's no default account I see here on my 4.4 boxes named backup, was that something you'd created? some package you'd installed? what was on your website? any canned php scripting or whatever? re: cleanup... look very carefully for directories in odd places with . names I'd run rkhunter to see if tehre's any other well known root kits on your system.
- Previous message: [CentOS] I've been hacked -- what should I do next?
- Next message: [CentOS] I've been hacked -- what should I do next?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list