On Wed, 2007-01-03 at 20:26 -0500, Carl Hartung wrote:
On Wednesday 03 January 2007 10:27, Carl Hartung wrote:
<snipped; I'm replying to all who responded to my original post>
Hi All,
I'd forgotten I'd turned off sshd and apache2 immediately after the incident and only begun firing them up when needed. There must be an unknown mechanism affording access to the system. :-(
If you even slightly suspect some problem, I highly recommend saving any data you can and doing a fresh install on this machine. Better to be safe than sorry.
With respect to today's tests:
First, after booting back into 10.0, 'who' was working correctly. (!?) After seeing this, I didn't bother checking the status of /var/run/utmp.
Remote administration was still disabled in the router, its firewall settings were still where I'd set them and my very long & complex 'Admin' names and password were still intact. I'm beginning to suspect some kind of "inside attack" is being routed through the M$ box that is sharing this connection.
I saw nothing unusual with "last", "w" or "alias".
If the [u,w]tmp file is corrupt in any way you will get faulty results when using these commands. Perhaps you fixed the problem by either zeroing out the file with "> /var/log/[u,w]tmp" or by deleting it which caused it to be recreated.

--
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998
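A read-only way to check a utmp or wtmp file for the kind of corruption described above, before it is zeroed or deleted. This is an added example, not part of the original message. It assumes the 384-byte glibc `struct utmp` record layout on Linux; `check_utmp`, `pack_record` and the sample bytes are hypothetical names and constructed data.

```python
import struct

# Assumption: glibc "struct utmp" layout on Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
MAX_TYPE = 9          # ut_type runs from EMPTY (0) to ACCOUNTING (9)
USER_PROCESS = 7

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def pack_record(ut_type, pid, line, user, host, sec):
    """Build one record (used here only to construct sample input)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host,
                     0, 0, 0, sec, 0, 0, 0, 0, 0, b"")

def check_utmp(data, now):
    """Return a list of (record_index, problem) for raw utmp/wtmp bytes."""
    problems = []
    whole, extra = divmod(len(data), UTMP.size)
    if extra:
        problems.append((whole, f"{extra} stray bytes after last full record"))
    for i in range(whole):
        f = UTMP.unpack_from(data, i * UTMP.size)
        ut_type, line, user, sec = f[0], _text(f[2]), _text(f[4]), f[9]
        if not 0 <= ut_type <= MAX_TYPE:
            problems.append((i, f"invalid ut_type {ut_type}"))
        if sec < 0 or sec > now:
            problems.append((i, f"timestamp {sec} outside 0..now"))
        if ut_type == USER_PROCESS and not (user and line):
            problems.append((i, "login record with empty user or tty"))
        if not (user + line).isprintable():
            problems.append((i, "non-printable bytes in user or tty"))
    return problems

# Constructed sample: one sane login, one damaged record, a truncated tail.
NOW = 1167874000      # constructed "current time" (early January 2007)
SAMPLE = (pack_record(7, 4242, b"pts/0", b"alice", b"", NOW - 3600)
          + pack_record(99, 1, b"\x01\x02", b"", b"", NOW + 10**6)
          + b"\0" * 100)

if __name__ == "__main__":
    for index, problem in check_utmp(SAMPLE, NOW):
        print(f"record {index}: {problem}")
```

To check a real file, pass its bytes and the current time, for example `check_utmp(open(path, "rb").read(), int(time.time()))`, working on a copy so the original stays untouched.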