[Gllug] Have I been compromised?
Adrian McMenamin
Adrian at mcmen.demon.co.uk
Sun Mar 23 17:51:17 UTC 2003
I have a remote web server that is behaving oddly.
I can ping it, and it appears to accept connections on port 80.
But it no longer delivers any content (just hangs for ever until client
times out) and I can also no longer connect on port 22 (just hangs
again, without even prompting me for a username) - but if I telnet to
port 22, the remote machine actively terminates the connection,
suggesting that sshd is active in some way.
I will be able to physically examine the system tomorrow am, but I am
concerned that I have been hacked in some way. What do you think? Any
means of drawing any conclusions remotely?
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list