Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
Re: [SLE] My server got hacked? Anyoen seem this?
  • From: Allen <gorebofh@xxxxxxxxxxx>
  • Date: Sun, 13 Mar 2005 17:47:19 -0500
  • Message-id: <20050313224719.GA9323@xxxxxxxxxxxxxxxxxxxxxx>

On Sat, Mar 12, 2005 at 12:55:35AM -0600, Henry Tang wrote:
> Nope, i don't think i am. I am running 7.3 which is a discontinued
> product. I am working on SuSE 9.2 now ^.^ I think it'll be much more
> secure than 7.3.


Umm OK, good, but don't turn the machine iff if you plan on trying to save
any data gtom it for analysis. The other guy who replied said to get it off
, and I agree, pull the network cable, but DON'T turn it off, reboots can
often lead to rm -rf / which is added in so if the machine is powered down
it can.




> Allen wrote:
>
> >On Fri, Mar 11, 2005 at 12:57:14AM -0600, Henry Tang wrote:
> >
> >
> >>What i need to know now is what else can i do to find how this person
> >>hacked into my system. I checked message logs and mail logs and i found
> >>the date and time the email was sent out, but I dunno if the log files
> >>got cleaned or not. What other logs can i look into?
> >>
> >>
> >
> >
> >
> >If you're rooted they can not only delete logs but forge them. Meaning the
> >holes where the log has been deleted can be forged so that it appears
> >nothing happened.
> >
> >Again, were you updated with alls ecurity patches?
> >
> >
> >
>
>
> --
> Check the headers for your unsubscription address
> For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> Also check the archives at http://lists.suse.com
> Please read the FAQs: suse-linux-e-faq@xxxxxxxx
>
>

< Previous Next >
Follow Ups