[Sussex] Hacked server
Jacqui Caren
jacqui.caren at ntlworld.com
Thu Jan 25 11:36:38 UTC 2007
Brendan Whelan wrote:
> David,
>
> Thanks for the response - I switch from the default admin user to root
> and I could then create directories, etc.
> I have managed to export the databases and pull them down to my PC.
> Using SCP is a good idea - I will transfer key files temporarily to
> another server.
also have a look in .bashrc et.al - they may have put a trigger in there
to let them know who else logs in - this often gives you a trackback to
other compromised systems or if they are really stupid thier
home or uni systems. Hopefully you can use this to have thier ISP
account revoked or if a uni that has decent sysadmins (not all do) get
them kicked out.
Jacqui
More information about the Sussex
mailing list