[Gllug] Have I been compromised??
omphe
omphe at keiko.demon.co.uk
Mon Sep 2 11:30:35 UTC 2002
Tom Gilbert wrote:
> Not sure if
> > I'm being paranoid or not.
>
> Why do you think you've been compromised? Seeing external addresses in
> your apache logs is pretty normal, after all =P
The access.log shows a few entries to ***.***.***.***:6667 (obviously I've
*ed the real address). Being a newbie, I read furiously for an hour or so
and this seems to indicate that someone is trying to access me through/for
IRC. Furthermore, my nmbd (Samba netbios) logs show countless unsuccessful
(I hope) connection attempts. I'm checking every log that I can, but I'm
not sure of everything that I should be looking for.
I've been waiting till I could get Debian 3.0 off of the Linux Format
coverdisc next month, but I think I'll reinstall something else till then.
Best practice in terms of learning to secure myself better. The fact that
I'm unsure of my security means that I'm probably vulnerable.
When reinstalling, do I need to reformat my windows partition in the
interest of sanitizing the system? Reinstalling Linux is a great excuse to
try out a new distro, reinstalling windows is like cleaning the toilet.
(Keeps the wife happy, but filthy work!)
Thanks to all for the help. Being new to the list, I sort of expected
"RTFM" type ridicule. I appreciate the guidance.
Branden Faulls
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list