On Wednesday 03 January 2007 10:27, Carl Hartung wrote:
Hi All,
I'd forgotten I'd turned off sshd and apache2 immediately after the incident
and only begun firing them up when needed. There must be an unknown mechanism
affording access to the system. :-(
With respect to today's tests:
First, after booting back into 10.0, 'who' was working correctly. (!?)
After seeing this, I didn't bother checking the status of /var/run/utmp.
Remote administration was still disabled in the router, its firewall settings
were still where I'd set them and my very long & complex 'Admin' names and
password were still intact. I'm beginning to suspect some kind of "inside
attack" is being routed through the M$ box that is sharing this connection.
I saw nothing unusual with "last", "w" or "alias".
The md5sum of my /usr/bin/who matched the one posted by Ken Schneider so it
appears to be the 'stock' binary (thanks, Ken!)
Have I missed anything? I do appreciate all the great feedback today, so
thanks again!
Carl