[CentOS] I've been hacked -- what should I do next?

Fri Dec 1 13:51:02 UTC 2006
Steve Huff <shuff at vecna.org>

On Dec 1, 2006, at 12:45 AM, Alfred von Campe wrote:

> enabled port forwarding on my router (so I can access the system  
> from home).  Other than deleting these files, is there anything  
> else I should worry about?  I'd rather not re-install the OS...

let me add another suggestion to the flood: once you've rebuilt the  
box, install DenyHosts (http://denyhosts.sourceforge.net/).  this  
tool is quite effective at blocking brute-force ssh attacks; not only  
will this make it much harder for an attacker even if you should  
happen to set a weak password on an account in the future, but it  
will also reduce the amount of CPU time and memory wasted on dealing  
with brute-force ssh attacks.

RPMs are available at sourceforge; the python 2.3 RPM works great on  
CentOS 4.

i'm sorry you're having to deal with this. :(


If this were played upon a stage now, I could condemn it as an  
improbable fiction. - Fabian, Twelfth Night, III,v