Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
Re: [SLE] My server got hacked? Anyoen seem this?
  • From: Mike <kenziem@xxxxxxxxxxxx>
  • Date: Sun, 13 Mar 2005 20:05:12 -0500
  • Message-id: <200503132005.13660.kenziem@xxxxxxxxxxxx>
On Sunday 13 March 2005 18:54, Carlos E. R. wrote:
> The Sunday 2005-03-13 at 17:47 -0500, Allen wrote:
> > Umm OK, good, but don't turn the machine iff if you plan on trying to
> > save any data gtom it for analysis. The other guy who replied said to get
> > it off , and I agree, pull the network cable, but DON'T turn it off,
> > reboots can often lead to rm -rf / which is added in so if the machine is
> > powered down it can.
>
> What about killing every process (kill -9), then pulling the cord?

Only if you don't boot the machine again.

If rm -rf has been put into the init sequence (perhaps /etc/boot)
then by starting the machine again the rogue code will be started and do it's
damage.

You can boot with knoppix and then mount your partitions and examine them for
damage.

Did you install tripwire?


--
Collector of vintage computers http://www.ncf.ca/~ba600
Machines to trade http://www.ncf.ca/~ba600/trade.html
Open Source Weekend http://www.osw.ca

< Previous Next >
Follow Ups