Did you happen to check your logs and see how/when they may have gotten in?
If you have no need for services, why not shut down all non-essential
daemons to prevent this in the future. Also, you could install tripwire or a
similar product to identify any would-be intruder. The only application I
could see to the cooker list might be that they could include some more
security products in their release, IDS type stuff. If this kid found a new
exploit you should ask him about it so you can report it to Mandrake...
good luck,
Tim
> Hi
>
> This was not pleasant. Basically I had four installations on my
> harddrive. Mdk 7.2, a cooker and a cookerwith hdreiserfs and a debian.
> Common to all these was a partition called the garage where a had my
> mirrors of all the systems. This was meant to be a security as only root
> could access /mnt/garage.
>
> I observed that I could not chown a file to the user and got suspicious.
> I rebooted into debian and the same thing happend.
>
> So I have now formated everything and started fresh. The only thing I
> had was the three startdisks for debian so that was the first to enter.
> I got a network.img for mdk7.2 and got it installed, but was too
> restrictive and have no update icon.
>
> My problem is that the 'update files' are so many and I dont want to do
> that from within mdk7.2, when not secure. I suspect I will have to
> install a cdwriter and download the iso-images, as they have md5sums.
>
> For the future I would like every file to be accomanied by that.
>
> What is the best way or most secure one? I suspect the intruder to be a
> student from the local highschool, so we are on the same LAN.
>
> regards
> guran
>
>
