On Thu, Feb 5, 2015 at 5:29 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >>> Be it me, I would consider box compromised. All done on/from that box >>> since probable day it happened compromised as well. If there is no way >>> to >>> establish the day, then since that system originally build. With full >>> blown sweeping up the consequences. Finding really-really-really >>> convincing proof it is not a result of compromise (and yes, fight one's >>> wishful thinking!). >> >> You aren't being paranoid enough. > > Really? My take is to take it as seriously as it can potentially be. It > _is_ paranoid, and is paranoid enough. Which would constitute pretty good > compliment responsible sysadmin can get ;-) No, you are saying don't trust that box. >> If it happened as a result of >> following some instructions or running a script, it's not just the box >> that is compromised, it is everything you think you know. On the >> other hand it could have just been an accidental typo. > > That's why I said "avoid wishful thinking". I'm saying don't trust the source of the advice you were following when this happened. -- Les Mikesell lesmikesell at gmail.com