Mailinglist Archive: opensuse (1919 mails)

[hettar@xxxxxxxxxxxx (Steven Udell)]

Hi SuSE

I just spent 4 hours as a lowbie fixing my system
after a QPOPPER hack got into my system.
It was prob just a prank..
as mp3s were played while I didn't play em
but /etc/passwd and /etc/shadow was fscked with.
had a "mixed up" shadow and passwd was chmod 600ed

This was not so bad looking at it from an experts view..
but I had no clue how to fix at first...
the problems this gave me was:

whoami came up with:
cannot find username for UID 500
a grep:
grep 500 /etc/passwd
with: hettar:x:500:100::/home/hettar:/bin/bash
grep hettar /etc/shadow
with: hettar:Le7L5GF6Koty2:10415:0:10000::::

Well all this made passwd not function,
I had a "I have no name!@warhammer:/home/hettar" Prompt
I could not log on as a normal user. only root would (lucky)

My fix:
redo /etc/shadow and redo /etc/passwd
and comment these out of inetd.conf
pop3, imapd, midident
and then killall -HUP inetd

looking for someone logged onto your machine this way?
netstat | grep pop3

Anyways, my head hurts..I am fixed up I think
Steven Udell
hettar@xxxxxxxxxxxx

-
To get out of this list, please send email to majordomo@xxxxxxxx with
this text in its body: unsubscribe suse-linux-e