Mailinglist Archive: opensuse-edu (21 mails)

Re: [suse-linux-uk-schools] Tis the season for misery
  • From: Tony Whitmore <tony@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 20 Dec 2005 18:16:47 +0000 (UTC)
  • Message-id: <43A84A7F.9030100@xxxxxxxxxxxxxxxxxx>
Paul Taylor wrote:
> Hi all:
>
> I have now been "hacked" on 2 servers and (excuse the pun) I am hacked off
> with the whole thing. On the latest one, the server appears fine but the
> root password has been changed (man in the middle?). One of my ISPs just
> said back up the main data and re-image the machine. That seems somewhat
> excessive? I have access to recovery mode and all my files are mounted.
> What should I do???

If your box is rooted, then a complete reinstallation from known good
install media is the only way to be sure of a clean installation.

A rooted box can have special binaries installed that hide certain
processes and prevent the detection of root kits and back doors. If the
compromise was "just" via a webserver and no privilege escalation
occurred, then you might be able to get away with tightening your
settings, but this doesn't sound like the case if the root password has
been changed.

Tony
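
Added example, not part of the original message: a check for the kind of replaced binaries described above, run from recovery mode against the mounted filesystem and a hash manifest taken from known-good install media. `audit_root`, `demo`, the manifest file and all paths are assumptions made for the illustration; the result is triage evidence and does not replace the reinstall.

```shell
#!/bin/sh
# Run from the rescue system so sha256sum, find and the shell come from trusted
# media; the same tools on the suspect disk may be the replaced ones.

# audit_root ROOT MANIFEST [DIR...]
#   ROOT     mount point of the suspect filesystem (hypothetical, e.g. /mnt)
#   MANIFEST "sha256  relative/path" lines made with sha256sum on known-good media
#   DIR...   directories under ROOT to sweep for files the manifest does not list
# A finding is evidence of tampering; an empty result does not prove a clean box.
audit_root() {
    root=$1 manifest=$2
    shift 2
    # Pass 1: every file the manifest knows must exist and hash the same.
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ ! -f "$root/$path" ]; then
            echo "MISSING $path"
            continue
        fi
        have=$(sha256sum "$root/$path" | cut -d' ' -f1)
        [ "$have" = "$want" ] || echo "MODIFIED $path"
    done < "$manifest"
    # Pass 2: files present in system directories but absent from the manifest.
    for dir in "$@"; do
        [ -d "$root/$dir" ] || continue
        find "$root/$dir" -type f | sort | while read -r file; do
            rel=${file#"$root"/}
            cut -d' ' -f3- "$manifest" | grep -qxF -e "$rel" || echo "UNLISTED $rel"
        done
    done
}

# Constructed sample: a "good" tree, its manifest, and a "suspect" copy in which
# bin/ps was replaced, bin/ls removed and sbin/extra added.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/good/bin" "$work/good/sbin"
    echo "ps v1" > "$work/good/bin/ps"
    echo "ls v1" > "$work/good/bin/ls"
    echo "init v1" > "$work/good/sbin/init"
    (cd "$work/good" && sha256sum bin/ps bin/ls sbin/init) > "$work/manifest"
    cp -R "$work/good" "$work/suspect"
    echo "ps replaced" > "$work/suspect/bin/ps"
    rm "$work/suspect/bin/ls"
    echo "unknown" > "$work/suspect/sbin/extra"
    audit_root "$work/suspect" "$work/manifest" bin sbin
    rm -rf "$work"
}
```

Calling `demo` prints one finding for each of the three constructed changes; on a real system the manifest has to come from the install media or an identical clean install, not from the suspect disk.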