Download chkrootkit and install it as root. Then run it. It will locate all compromised files. Replace them with fresh installs from the CDs.
JLK

On Wednesday 02 May 2001 09:52, Geordon VanTassle wrote:
----- Original Message -----
From:
To: "SLE"
Sent: Wednesday, May 02, 2001 9:30 AM
Subject: [SLE] hacked?

I never bothered to look at the /var/log/messages file until now.
May I suggest that you install something like Logwatcher by Psionic? Relatively easy to set up and very helpful.
Just out of curiosity I was browsing the file and I see the excerpt that follows.
It seems that someone at 200.204.201.138 was trying to break into my computer.
Sure looks like it. Did you by chance run HARDEN_SUSE on this box?
My box is a minimal SuSE 6.4 with KDE2, apache and samba added. No special security measures were taken.
Whoops, probably no Harden_SuSE run, huh?
As I know nothing about security I am looking for some advice.
Did this guy at 200.204.201.138 succeed? Was I hacked?
It doesn't appear so. However, you can never be sure, unless you keep an eye on security all the time.
What is "popper"? AFAIK there is nothing in my box with this name.
"Popper" is the POP mail server.
Thanks a lot for any advice.
Claudio
Good luck. Geordon