List:       suse-linux-e
Subject:    Re: [SLE] hacked?
From:       Jerry Kreps <jerrykreps () jlkreps ! net>
Date:       2001-05-03 0:57:53

Download chkrootkit and install it as root.  Then run it.
It will locate all compromised files.  Replace them with
fresh installs from the CDs.
JLK

On Wednesday 02 May 2001 09:52, Geordon VanTassle wrote:
> ----- Original Message -----
> From: <elicker@email.com>
> To: "SLE" <suse-linux-e@suse.com>
> Sent: Wednesday, May 02, 2001 9:30 AM
> Subject: [SLE] hacked?
>
> > I never bothered to look at the /var/log/messages file until now.
>
> May I suggest that you install something like Logwatcher by
> Psionic? Relatively easy to set up and very helpful.
>
> > Just out of curiosity I was browsing the file and I saw the excerpt
> > that follows.
> >
> > It seems that someone at 200.204.201.138 was trying to break
> > into my computer.
>
> Sure looks like it.  Did you by chance run HARDEN_SUSE on this box?
>
> > My box is a minimal SuSE 6.4 with KDE2, apache and samba added.
> > No special security measures were taken.
>
> Whoops, probably no Harden_SuSE run, huh?
>
> > As I know nothing about security I am looking for some advice.
> >
> > Did this guy at 200.204.201.138 succeed? Was I hacked?
>
> It doesn't appear so.  However, you can never be sure, unless you
> keep an eye on security all the time.
>
> > What is "popper"? AFAIK there is nothing in my box with this
> > name.
>
> "Popper" is the POP mail server.
>
> > Thanks a lot for any advice.
> >
> >
> > Claudio
>
> Good luck.
> Geordon
