Chris Mauritz wrote: > Lot's of good advice. I'd also check for rootkits. There are a couple > of "rootkit checkers" available. You just download the source and > compile/execute them. I've used this one with some success to de-louse > a friend's game server: > > http://www.chkrootkit.org/ That would be a very dumb rootkit if one was installed on the server, as the offending processes could be found with "ps" and "ls" showed the directory and the files in there. Yes, one can never know *if* a rootkit was installed, but I don't think so in this case. But as always: If possible - rebuild the machine from scratch. If you cannot do that *monitor* the machine closely for suspect traffic. If possible from another clean machine on the same network. > It's also a good practice to disconnect a suspect machine from the net > and do your hacking from the console if you suspect it's been burgled. > That way, it's not actively hosing other people while you're > troubleshooting the problem. Yes. > That is...unless you've got the skills to track the burgler back to > their hideout..... Which probably is just another cracked machine. The last time I did that the tracks got lost somewhere in Malaysia. Ralph -- Ralph Angenendt......ra at br-online.de | .."Text processing has made it possible Bayerischer Rundfunk...80300 München | ....to right-justify any idea, even one Programmbereich.Bayern 3, Jugend und | .which cannot be justified on any other Multimedia.........Tl:089.5900.16023 | ..........grounds." -- J. Finnegan, USC -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20060205/146e15e9/attachment-0005.sig>