On Friday 11 March 2005 01:57, Henry Tang wrote:
What i need to know now is what else can i do to find how this person hacked into my system. I checked message logs and mail logs and i found the date and time the email was sent out, but I dunno if the log files got cleaned or not. What other logs can i look into?
henry
I feel for you. Not being able to tell if you have been hacked, or how badly, well, it really sucks. Some simple advice that may or may not be useful to you: First, try the suse-security list; you're more likely to get useful help there, in this topic. Second, I hope you're emailing from some other machine, and the suspicious one is offline. That is key. Get yourself a live cd (something up to date, less likely to have vulnerabilities, e.g., knoppix or something like it). Only then you can go back online. Do all your forensics using the live cd, you can't trust any binaries on your box anymore. Finally, even if you can't find any traces of hacking, reinstall the system from scratch anyway. Just in case. Well, that's all I've got. Good luck!