[SWLUG] Have I been hacked?

Toby Maxwell-Lyte toby.maxwelllyte at gmail.com
Tue Jun 29 11:40:47 UTC 2010


Try running something like http://www.chkrootkit.org/

On 29 June 2010 11:50, Neil Greenwood <neil.greenwood.lug at gmail.com> wrote:
> You should check the time of /etc/shadow, which is where the passwords
> are stored. Probably time to reinstall... Do you connect by telnet or
> ssh. If the former, lots of use would give lots of chance to grab the
> password. Otherwise an app you use might have been compromised.
> Good luck! Neil.
>
> On 6/29/10, Neil Jones <neil at nwjones.demon.co.uk> wrote:
>> My on-line webserver
>>  is behaving oddly. I cannot access root. The password fails. both as su
>> and logging in directly.
>>
>> I have not changed it and I have used it umpteen times over the last few
>> days and it worked.
>>
>> The date on the /etcpasswd file is several years old. Is there any
>> advice anyone can give me on checking
>> the box. I can log into it via another ID but it doesn't give me root
>> access.
>>
>> Neil
>> _______________________________________________
>> SWLUG Discussion List - Discuss at swlug.org
>> http://swlug.org/mailman/listinfo/discuss
>>
>
> --
> Sent from my mobile device
> _______________________________________________
> SWLUG Discussion List - Discuss at swlug.org
> http://swlug.org/mailman/listinfo/discuss
>




More information about the Swlug mailing list