[Herts] RE: Blade Server (Debian) compromised.

Jason Clifford jason at ukpost.com
Wed Jun 22 20:46:27 BST 2005

On Wed, 22 Jun 2005, nicolas wrote:

> For unknown reasons the firewall was not running.. it is now.. (horses
> etc..) I am busy googling but suggestions gratefully received.

The first thing is to understand that once compromised a system cannot be 
trusted for anything. It requires a complete re-installation after 
completely wiping the old system (ie format the partitions).

If your "data" includes executables of any kind none of them should be 
trusted unless restored from backups that you know to be safe - ie don't 
retain anything executable from your existing data.

Verify that all executables are up to date and that there are no known 
exploits. If you have websites with forums or other interactive content 
this is very important as these are common intrustion vectors.

UKFSN.ORG		Finance Free Software while you surf the 'net
http://www.ukfsn.org/	   ADSL Broadband from just £15.99 / month 

More information about the Herts mailing list