[Chester LUG] worried - hacked?

Michael Crilly e-mail at mcrilly.co.uk
Wed May 21 14:33:57 UTC 2008


My bad, I was looking at the log wrong. I thought a process was being
executed by this 'Mark' but it was, in actual fact, crontab running the
process.

Still, nothing wrong with running a chkrootkit and rkhunter every now and
then. Don't forget to remove them after installing them so the binary's
themselves don't become infected.


On 5/21/08, Bryn Salisbury <bryn.salisbury at gmail.com> wrote:
>
> Michael,
>
> 2008/5/21 Michael Crilly <e-mail at mcrilly.co.uk>:
> > You've been cracked by the looks of it. It looks as though someone has
> > broken in and then probed the system, for various features and also tried
> to
> > start a service, possibly an old version with a known exploit in it (so
> they
> > have a point to exploit in future)
>
> What log lines are you looking at? I could be having a "can't see the
> wood from the trees" moment here...
>
> B
>
> _______________________________________________
> Chester mailing list
> Chester at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/chester
>



-- 
M. T. Crilly
http://www.mcrilly.co.uk/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/chester/attachments/20080521/23faa7f3/attachment.html>


More information about the Chester mailing list