[Herts] RE: Blade Server (Debian) compromised.
Jason Clifford
jason at ukpost.com
Wed Jun 22 20:46:27 BST 2005
On Wed, 22 Jun 2005, nicolas wrote:
> For unknown reasons the firewall was not running.. it is now.. (horses
> etc..) I am busy googling but suggestions gratefully received.
The first thing is to understand that once compromised a system cannot be
trusted for anything. It requires a complete re-installation after
completely wiping the old system (ie format the partitions).
If your "data" includes executables of any kind none of them should be
trusted unless restored from backups that you know to be safe - ie don't
retain anything executable from your existing data.
Verify that all executables are up to date and that there are no known
exploits. If you have websites with forums or other interactive content
this is very important as these are common intrustion vectors.
Jason
--
UKFSN.ORG Finance Free Software while you surf the 'net
http://www.ukfsn.org/ ADSL Broadband from just £15.99 / month
More information about the Herts
mailing list