If the root password has been hacked you don't know what files or permissions may have been changed as a result. i.e. even if you change the root password it may be that someone else has levered another ID to have admin-equivalent privileges. If your 'main data' includes scripts then they too may have been compromised ... And can you be sure documents haven't been changed? And it's easy to change file dates so it looks like nothing has changed recently. You can't even trust backups since the earliest date you might have been hacked. Thus the re-image suggestion, painful as it seems. Regards Derek Grainge -----Original Message----- From: Paul Taylor [mailto:ptaylor@uklinux.net] Sent: 20 December 2005 16:51 To: SuSE for Schools Subject: [suse-linux-uk-schools] Tis the season for misery Hi all: I have now been "hacked" on 2 servers and (excuse the pun) I am hacked off with the whole thing. On the latest one, the server appears fine but the root password has been changed (man in the middle?). One of my isps just said back up the main data and re-image the machine. That seems somewhat excessive? I have access to revovery mode and all my files are mounted. What should I do??? Paul -- Sizofik a Ninila' Siyakhona? ポール -- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com ******************************************************************************** All mail sent and received may be examined to prevent transmission of unacceptable material. Wellington College does not accept responsibility for email contents. Problems to administrator@wellingtoncollege.org.uk. Website: http://www.wellingtoncollege.org.uk ********************************************************************************