Mailinglist Archive: opensuse (4749 mails)
Re: [SLE] Has someone hacked my server? Has someone gotten root on my machine?
- From: Derek Fountain <derekfountain@xxxxxxxxxxx>
- Date: Thu, 1 May 2003 19:04:39 +0800
- Message-id: <200305011904.39525.derekfountain@xxxxxxxxxxx>
> So I really have no idea of what is going on. Has someone hacked my box and
> gotten root? :-( :-(
>
> What should I do now? Backup htdocs and database and then format and
> reinstall the whole lot?

It's very, very sick. The fact you can't get at the ls command as root
suggests something horrible has happened. Unless it's been left really
vulnerable, I wouldn't immediately suspect the box has been cracked, since
most crackers would either silently take over the box so they could use it,
or they'd just trash it completely. Subtly breaking it in various ways
isn't the norm, although it is possible.

Do you have any reason to believe a hardware fault has occurred? Any history of
overheating with that box? Has it received a knock recently which might have
dislodged some memory? Any reason to think the hard disk might have started
to die?

Basically, it's not going to tell you much in the state it's in. If you can
get to a position where you can get your data to safety, that would be a very
sensible thing to do. You might be able to get the thing running more
sensibly by booting a Linux distro from CD or floppy, mounting the hard disk
and having a look around. But as a newbie, this might be more trouble than
it's worth, and you probably wouldn't be able to spot the signs which tell
you what's happened anyway.

A reinstall looks like the best option in the absence of any better advice. My
suspicions would lie with the hardware though. Happily running Linux boxes
don't just go belly up like that without a good reason.

--
"...our desktop is falling behind stability-wise and feature wise to KDE
...when I went to Mexico in December to the facility where we launched gnome,
they had all switched to KDE3." - Miguel de Icaza, March 2003