Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Have I been hacked?
  • From: Hans Körber <Hans.Koerber@xxxxxx>
  • Date: Sat, 01 Dec 2001 12:33:51 +0100
  • Message-id: <3C08C01F.6010301@xxxxxx>

I found user "nobody" performing a "find" on my linux box few days ago.

In the /home section of the filesystem I found a subdirectory "httpd" which I did not create. The "httpd" directory itself contained a subfolder, "bin-cgi". I didn't find any other changes.

The linux machine runs IPTABLES with open ports for SSH, HTTP and HTTPs. Connection is via pppd.

I'm still a "newbie" to security. I would appreciate any key words and explanations to find out if I've been hacked, how this has been achieved and how it can be avoided in the future.

Thank you very much in advance.

Hans Körber

< Previous Next >
List Navigation
Follow Ups