Mailinglist Archive: opensuse (3666 mails)

Re: [SLE] My server got hacked? Anyoen seem this?
  • From: Henry Tang <henry@xxxxxxxxxxxxxx>
  • Date: Thu, 10 Mar 2005 13:35:19 -0600
  • Message-id: <4230A177.8060500@xxxxxxxxxxxxxx>
Thanks a lot for the info.

I will run that. I looked at my mail log and only two emails were sent out, and both got bounced, unless the mail log got cleaned. Luckily this is just some home server for fun, so nothing important, but would like to figure out what happened.

henry

Randall R Schulz wrote:

Henry,

On Thursday 10 March 2005 11:18, Henry Tang wrote:

The example I gave is bad. It is more like this

http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-06/0473.html

I didn't want to post the email my server was trying to send out
because it includes the /etc/passwd file so I posted examples I found
on the net. Apparently root tried to send out a couple of emails to
unknown users of yahoo and other email addresses as well. The email was
bounced and that is how I found out. :( I am not in the competition.
:(



Are you running RootKit Hunter? If not, you should. You stand a good chance of knowing promptly when someone has established a toehold on your system.

One regular participant here, Patrick Shanahan, kindly provides up-to-date builds in RPM form.

To wit:

-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
On Tuesday 22 February 2005 05:21, Patrick Shanahan wrote:

rkhunter-1.2.1-1.noarch.rpm is available for download:
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.noarch.rpm
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.src.rpm
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1.tar.gz

Project description:
Rootkit Hunter scans files and systems for known and unknown
rootkits, backdoors, and sniffers. The package contains one shell
script, a few text-based databases, and optional Perl modules. It
should run on almost every Unix clone.

The changes in this release are as follows:
This release adds support for Mandrake 8.1, FreeBSD 5.3, and
Slackware 10.1. It has support for Fink, updated MD5 hashes, updated
packages, improved logging, improved output, and several bugfixes.

Release focus:
5 - Minor feature enhancements

Changelog
Below is the changelog of Rootkit Hunter. It will contain changes of
early released versions and the active development version.


Current public version: 1.2.1
Current development version: 1.2.2 (not available yet)

-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-


To find the full post, search for the subject "[SLE] rkhunter-1.2.1-1.noarch.rpm available" in the February 2005 archive.



...
henry



Randall Schulz



