Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] Have I been hacked?
  • From: "andre@do" <andre@xxxxxxxx>
  • Date: Sat, 01 Dec 2001 13:49:16 +0200
  • Message-id: <3C08C3BC.8050200@xxxxxxxx>
Hans Körber wrote:

Hallo,

I found user "nobody" performing a "find" on my linux box few days ago.

In the /home section of the filesystem I found a subdirectory "httpd" which I did not create. The "httpd" directory itself contained a subfolder, "bin-cgi". I didn't find any other changes.

The linux machine runs IPTABLES with open ports for SSH, HTTP and HTTPs. Connection is via pppd.

kernel and patches version ?
iptables version ?
ssh type & version ?
http server & version ?

was the box properly hardened and are you
sure no other ports were listening when you
installed ?


hth

andre


< Previous Next >
List Navigation
References