i told him to do an lsmod to see what modules are loaded. some root kits work via kernel modules.
On Wed, 10 Oct 2001, THOMAS ADAM wrote:
Unfortunately, I have lost the original thread of this e-mail, but..............
okay, top gave you what it was supposed to, a list of processes running on the machine. some root kits will put a trojan in top and when you run it you get a root prompt, that's why i suggested running it and seeing what happened. if lsmod didn't work, try /sbin/lsmod
Paranoid? :-)
On Tue, 9 Oct 2001, gabriel wrote:
"top" gave me a whole lot of information i didn't understand and there are no .gz files in the /var/log directory and lsmod didn't work...
What device are you trying to load via "insmod" first of all? "lsmod" lists those devices which have been loaded (typically from "/lib/modules/kernel-version"). These include things like eth0 interfaces, printers, etc.
This can then be checked via the "/proc" directory.
If you could give me the original thread (I cannot connect to suse.co.uk for some reason), I'll try and help
--Thomas Adam
could this be from someone cutting the power and then restoring it?
From:
Date: Tue, 9 Oct 2001 16:40:51 -0500 (CDT)
To: gabriel
Cc: SuSE Linux E
Subject: Re: [SLE] hack attempt?

also, do an lsmod and see what modules are loaded? maybe do a "top" and see if you get a root prompt, do a netstat -a -n -c and see what all network traffic you have going out and in and do a port scan of your machine to see if any strange ports are open.
On Tue, 9 Oct 2001, gabriel wrote:
k i've been going crazy i think someone's been hacking into my webserver but i don't know how to be sure
typing "last" at the command line returns a list of past logins but also on that list is
reboot system boot 2.4.4-4GB [date] [time] (01:20)
and my messages.log file is cleared to that date ie, i have no entries from before october 9th @ 11:49 the time this "reboot" happened
does anyone know what's going on? any suggestions?
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
Chad Whitten Network/Systems Administrator neXband Communications chadwick@nexband.com
Thomas Adam "The Linux Weekend Mechanic" --
A Student at the "Southampton Institute", Southampton, Hants, ENGLAND
Chad Whitten Network/Systems Administrator neXband Communications chadwick@nexband.com
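Added example, not part of the original thread: the lsmod and "/proc" checks suggested above, combined into one cross-check that lists modules recorded in /proc/modules but missing from lsmod's output, which points to a replaced lsmod binary. The function names and the sample module `examplemod` are constructed for illustration; a kernel module that removes itself from the kernel's own list would not be caught this way.

```shell
#!/bin/sh
# Cross-view check: module names in /proc/modules that lsmod does not show.

# modules_missing_from_lsmod LSMOD_OUTPUT_FILE PROC_MODULES_FILE
# Prints one module name per line; prints nothing when both views agree.
modules_missing_from_lsmod() {
    # File 1 (lsmod output): line 1 is the "Module Size Used by" header.
    # File 2 (/proc/modules): no header. The name is field 1 in both.
    awk 'FILENAME == ARGV[1] { if (FNR > 1 && NF) seen[$1] = 1; next }
         NF && !($1 in seen) { print $1 }' "$1" "$2"
}

# check_live: run the comparison on the running system.
# Tries /sbin/lsmod first, as suggested in the thread, then lsmod on PATH.
check_live() {
    snap=$(mktemp) || return 2
    if ! { /sbin/lsmod || lsmod; } > "$snap" 2>/dev/null; then
        rm -f "$snap"
        echo "lsmod could not be run" >&2
        return 2
    fi
    modules_missing_from_lsmod "$snap" /proc/modules
    rm -f "$snap"
}

# demo_constructed: same comparison on constructed sample data, where
# "examplemod" appears in the /proc/modules copy but not in lsmod output.
demo_constructed() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'Module                  Size  Used by' \
        'ne2k-pci                4832   1' \
        '8390                    6416   0  [ne2k-pci]' > "$d/lsmod.txt"
    printf '%s\n' 'ne2k-pci 4832 1' '8390 6416 0 [ne2k-pci]' \
        'examplemod 1024 0 (unused)' > "$d/proc_modules.txt"
    modules_missing_from_lsmod "$d/lsmod.txt" "$d/proc_modules.txt"
    rm -rf "$d"
}

demo_constructed
```

Run `check_live` on the machine itself; any name it prints is a module the kernel reports but lsmod left out.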
participants (2): dog@intop.net, THOMAS ADAM