[CentOS] I've been hacked -- what should I do next?

Sat Dec 2 00:11:21 UTC 2006
Kevan Benson <kbenson at a-1networks.com>

On Friday 01 December 2006 11:42, Aleksandar Milivojevic wrote:
> Quoting Alfred von Campe <alfred at 110.net>:
> > Is there any sense in reporting this?  I have the IP addresses from
> > which they logged in.
>
> You could try, it won't hurt.  However, you run 99% probability  
> nothing will happen.  That IP address is probably just another  
> compromised system.  If it's a dial-up address, contact the ISP.  If  
> it actually belongs to some organization (for example university),  
> contact them.  In general, places like universities might even attempt  
> to do something with info you provided.  ISPs in general will do
> little to nothing about it.

Having worked at an ISP, I would like to note they might be appreciative 
depending on the circumstances.  If the IP is obviously a DSL or dialup 
address (check the reverse DNS), they probably get deluged with so many that 
it's hard for them to actually take action on them (although many ISPs do 
try).  If the IP looks to be an actual server (whether it's the ISP's or a 
colocation client of theirs), they will most likely be appreciative of the 
notice.

-- 
- Kevan Benson
- A-1 Networks