14 Mar
2021
14 Mar
'21
14:43
Having read through this long conversation, and, yes, coming in late (sorry for that), I seem to be missing something. How did the hacker get in? Was it simply a brute force at the SSH login?
On March 5, 2021 2:41:35 PM UTC, James Knott
On 2021-03-05 9:39 a.m., Josef Moellers wrote:
Where else is a user allowed to write? The user doesn't have to write the file himself, it can also be created on his behalf, eg mailboxes, crontabs, atjobs, to name but a few.
I have deleted all files with that user's UID.