Hi Markus Checked that files but found nothing wrong yet (used vi and mcedit), what may I expect to find there?... according to the log i sent, should y suppose the 'hacker' made an enter or are those failed tries? Thanks Leo Markus Noch wrote:
hi,
check ps,netstat,login and pstree . the one who hacked your machine replaces them to hide his intrusion. further search for tools like dsniff. dsniff is a rootkit. open this one`s ( ps,netstat,login and pstree ) with an asci editor. in some cases you can see plain text.
greetz and fun, -- ----------------------------------------------------- Markus Noch bsk IT Systemhaus GmbH .-. Tel.: +49 6241 / 94650-21 /v\ Klosterstrasse 23 // \\ 67547 Worms /( )\ ^^-^^ _ _ _ _ ___ ____ | |__ ___| | __ | \ | |/ _ \ / ___| | '_ \/ __| |/ /____| \| | | | | | | |_) \__ \ <_____| |\ | |_| | |___ |_.__/|___/_|\_\ |_| \_|\___/ \____| Network-Operation-Centre POP Worms noc@bsk-info.de ---Home is where ever those login prompts shine !----
_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com