[sclug] Adore root kit
David Herring
dave at netfm.org
Fri May 27 08:56:36 UTC 2005
Hello again,
Obviously a two question day....
We just had one of our devel servers 'hacked' from Russia.
It's running an 8.0 Suse, so probably exploited some vulnerability in OS.
I know the adore root kit has been installed, but the strange thing
is that they have also changed root passwd. This is odd, since it tells
me the machine has changed - i.e. I thought naively that the purpose of a
root kit would be to have 'silent' root access to the server to do
whatever whilst the owner is unaware?
Anyhow, server will be re-installed. But prior to getting to docklands,
is there any way I can gain back a root account? I can login as a user
account - can see the adore root kit which has been installed, etc. If
anyone thinks they can 'become' root on such a system, then please let me know.
Thanks dave
--
David Herring
---
NetFM Ltd
T: 01344 769068
M: 07973 673027
---
http://www.journey2share.co.uk/
The number 1 trusted car share solution