Yes, you are both right. I have just finished the imports to the new VM machine.

One should never underestimate the ingenuity of hackers and script kiddies; I speak from experience. We couldn't leave the machine as it was, in a perceived compromised position. So it has been cmuExport'ed. I will look through the logs to see if I can see a problem and then delete the original VM machine.

Thanks to all for your help!

Sent from my iPhone

On 12 Dec 2010, at 19:03, "Chuck Tetlow" <[email protected]> wrote:

> I completely agree with Chris - the backdoor that was used to gain access in
> the first place may still be there. Plus, any rootkits installed are still
> there. THAT is a dangerous situation.
>
> I'd recommend keeping that box off-line while you do cmuExports of all sites.
> Build a new box and cmuImport them all into that new box. Before you import
> - make sure that the new box is fully up-to-date to minimize vulnerabilities.
>
> And after importing everything/getting it working - make a complete box
> backup before putting it back on line. That way, you've got an emergency
> restore in case it happens again. After all - the vulnerability/exploit may
> have been in something in one of those sites. And as soon as you put it back
> on line - this could happen again.
>
> I'd wait till after I got the box and sites back up - but you need to
> carefully check the logs to see if you can spot how this happened. If not -
> you're just putting that rebuilt box out there and crossing your fingers that
> it doesn't happen again.
>
> Chuck
>
> ---------- Original Message -----------
> From: Chris Gebhardt - VIRTBIZ Internet <[email protected]>
> To: BlueOnyx General Mailing List <[email protected]>
> Sent: Sun, 12 Dec 2010 12:48:10 -0600
> Subject: [BlueOnyx:06089] Re: cant run any commands on one of our BlueOnyx boxes
>
> > Peter Robbins - Bridgewater Software Group wrote:
> > > Not bad for 16 hours continuous work all through the night and next
> > > day. I am off to bed now.
> >
> > So if I understand correctly, you loaded in a new /lib and /usr/lib onto
> > the broken box (or virtual, as the case may be), then put it right back
> > to work?
> >
> > If I haven't missed something that sounds fairly dangerous, especially
> > if you've not located what caused the issue in the first place. I hope
> > you're not in for another round of this.
> >
> > --
> > Chris Gebhardt
> > VIRTBIZ Internet Services
> > Access, Web Hosting, Colocation, Dedicated
> > www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> > _______________________________________________
> > Blueonyx mailing list
> > [email protected]
> > http://www.blueonyx.it/mailman/listinfo/blueonyx
> ------- End of Original Message -------
