3 Jun
2003
3 Jun
'03
23:45
On Tuesday 03 June 2003 14:05, Richard wrote:
My logs showed that I was constantly being scanned for ports 80, and the other windows based ports like 443 and 1434, . Also I saw a lot of scans by Korean and Chinese URL's hitting my higher ports like 27374. One day I noticed things were not quite right. It;s hard to describe what was going on, so I downloaded and fired up the chkrootkit app and sure enough, I had been invaded.
If you saved your config files from the old instalation, check your sshd_config to see if you had enabled ssh1. I have heard of 3 different suse 7.3 boxes rooted in the last 4 weeks and the only thing in common was ssh1 available from the net. -- _____________________________________ John Andersen