Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
Re: [SLE] My server got hacked? Anyoen seem this?
  • From: Randall R Schulz <rschulz@xxxxxxxxx>
  • Date: Thu, 10 Mar 2005 11:27:26 -0800
  • Message-id: <200503101127.26825.rschulz@xxxxxxxxx>
Henry,

On Thursday 10 March 2005 11:18, Henry Tang wrote:
> The example i gave is bad. It is more like this
>
> http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-06/04
>73.html
>
> I didn't want to post the email my server was trying to send out
> because it includes the /etc/passwd file so I posted examples i found
> on the net. Apprently root tried to send out couple of emails to
> unknown users of yahoo and other email address as well. The email was
> bounced and that is how i found out. :( I am not in the competition.
> :(


Are you running RootKit Hunter? If not, you should. You stand a good
chance of knowing promptly when someone has established a toehold on
your system.

One regular participant here, Patrick Shanahan, kindly provides
up-to-date builds in RPM form.

To wit:

-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
On Tuesday 22 February 2005 05:21, Patrick Shanahan wrote:
> rkhunter -1.2.1-1.noarch.rpm is available for download:
> http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.noarch.rpm
> http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.src.rpm
> http://wahoo.no-ip.org/~pat/rkhunter-1.2.1.tar.gz
>
> Project description:
> Rootkit Hunter scans files and systems for known and unknown
> rootkits, backdoors, and sniffers. The package contains one shell
> script, a few text-based databases, and optional Perl modules. It
> should run on almost every Unix clone.
>
> The changes in this release are as follows:
> This release adds support for Mandrake 8.1, FreeBSD 5.3, and
> Slackware 10.1. It has support for Fink, updated MD5 hashes, updated
> packages, improved logging, improved output, and several bugfixes.
>
> Release focus:
> 5 - Minor feature enhancements
>
> Changelog
> Below is the changelog of Rootkit Hunter. It will contain changes of
> early released versions and the active development version.
>
>
> Current public version: 1.2.1
> Current development version: 1.2.2 (not available yet)
-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-


To find the full post, search for the subject "[SLE]
rkhunter-1.2.1-1.noarch.rpm available" in the February 2005 archive.


> ...
> henry


Randall Schulz

< Previous Next >
Follow Ups