[CentOS] Re: I've been hacked -- what should I do next?

Mon Dec 4 16:03:32 UTC 2006
Scott Silva <ssilva at sgvwater.com>

Leonard Isham spake the following on 12/2/2006 9:15 PM:
> On 12/1/06, Aleksandar Milivojevic <alex at 8-p.ca>
> wrote:
>> Quoting Joshua Zukerman <hawk82 at gmail.com>:
>> > If the IP is outside of the US, then I
>> > wouldn't bother as e-mailing an admin from another country is useless
>> > unless you speak their language.
>> Let me assure you that even admins in Quebec will speak English.  Not
>> always to Americans.  But with most other people around the world they
>> will.  I heard it has something to do with the attitude you showed in
>> the quoted email (see above).
> First I have relatives that know little to no English.  Second I have
> traveled to Europe, Asia, and Africa for both business and pleasure.
> Now I have to ask how many people would even attempt to understand an
> e-mail in an unknown language?
But a major ISP should have at a minimum resources to translate messages to
their abuse address. You could cut and paste into babelfish.altavista.com and
get something semi-understandable. Or just take the IP address out of the
message and grep your logs for the types of activity. I know that most major
ISP's are fairly responsive to their static addresses, as I have been notified
when one of our departments put up an unpatched MSSQL server that was
immediately infected. They usually have more trouble with the dynamic
addresses for some unknown reason, maybe they don't keep enough logs. But your
abuse message will not usually be replied to.


MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!