[Gllug] hacked !
Ms. Lene Jensen
ljensen at redhat.com
Thu Nov 29 09:47:08 UTC 2001
On Wed, 28 Nov 2001, mallum wrote:
> Im gonna copy all my stuff down and recommend to my friend we rebuild
> the box from scratch ... any other advice ?
Always document the problems! Make a backup of your site, check logs to
see whether you can find out who did it, and report to police!
Here is what I would do:
1: take the box offline
2: take a full backup of everything, printing out scripts that might be
cracked, so you have documentation of what was done
3: check log files to see whether there are any indication of who it was
that got into your box. Quite often they leave traces, and you can track
them to their ISP, who sometimes will be willing to help you. In "the old
days" help was always given, now I am not so sure.
4: when you are truly satisfy you have everything you need to proceed to
the police, report it
5: rebuild from scratch, setting up the firewall again, and use backup to
get information back. Everything on your computer after an attack, might
not be secure.
6: hook it back up.
I might have forgotten some steps here, if anyone can think of it, feel
free to fill in.
Btw, you've been cracked, not hacked ;)
LJ
--
10 Alan Turing Road | Tel: +441483734926 | Want Linux training or
Guildford | Fax: +441483734956 | certification? Go to
GU2 7YF, UK | Mob: +447799844842 | Red Hat's webpages!
http://www.europe.redhat.com/training/
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list