Guys, Gals:

    It looks like I may have been successfully hacked! I don't know and I
need your help to find out. I have had many folks test my security, but
no one has gotten in until now. The following appeared in a review of my
syslog:

Jun 17 23:52:57 Nemesis xinetd[27314]: START: ftp pid=26954 from=210.180.201.125
Jun 17 23:52:59 Nemesis xinetd[26954]: USERID: ftp OTHER :root
Jun 17 23:58:35 Nemesis xinetd[27314]: START: telnet pid=26963 from=127.0.0.1
Jun 18 00:08:02 Nemesis xinetd[27314]: EXIT: ftp pid=26954 duration=905(sec)

    The 210 IP is some Korean address from the Asian Pacific Network.

    My first question is: does it look like a successful hack? Second
question is, if so, what do I check to find out if they caused any harm,
installed a root kit, etc.?

    As always, thanks for any help you can provide.

--
David C. Rankin, J.D., P.E.
RANKIN * BERTIN, PLLC
1329 N. University, Suite D4
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
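
One way to triage xinetd records like those quoted in the message above, as an added example that is not part of the original post: it pairs START/EXIT records by child pid, attaches the USERID (RFC 1413 ident) reply, and lists sessions for manual review. The names `parse_sessions`, `triage` and `ASSUMED_YEAR` are hypothetical, and the sample is the quoted excerpt with the mail line wrapping undone.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Constructed sample: the four records quoted in the message, wrapping undone.
SAMPLE = """\
Jun 17 23:52:57 Nemesis xinetd[27314]: START: ftp pid=26954 from=210.180.201.125
Jun 17 23:52:59 Nemesis xinetd[26954]: USERID: ftp OTHER :root
Jun 17 23:58:35 Nemesis xinetd[27314]: START: telnet pid=26963 from=127.0.0.1
Jun 18 00:08:02 Nemesis xinetd[27314]: EXIT: ftp pid=26954 duration=905(sec)
"""
ASSUMED_YEAR = 2000  # placeholder (assumption): syslog timestamps carry no year
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ xinetd\[(\d+)\]: "
                  r"(START|EXIT|USERID): (\S+) ?(.*)$")

def parse_sessions(text):
    """Pair START/EXIT records by child pid and attach USERID (ident) replies."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, logger_pid, kind, service, rest = m.groups()
        when = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        pid, src = fields.get("pid"), fields.get("from")
        if kind == "START" and pid:
            local = None if src is None else ip_address(src).is_loopback
            sessions[pid] = {"service": service, "from": src, "local": local,
                             "start": when, "end": None, "ident": None}
        elif kind == "USERID" and logger_pid in sessions:
            # Logged by the child process; the value is the client's own ident
            # reply, so it is self-reported and unauthenticated.
            sessions[logger_pid]["ident"] = rest.strip()
        elif kind == "EXIT" and pid in sessions:
            sessions[pid]["end"] = when
    return sessions

def triage(sessions):
    """Return items for manual review; none of them is proof of a compromise."""
    notes = []
    for pid, s in sessions.items():
        if s["local"] is False:
            notes.append(f"remote {s['service']} pid={pid} from={s['from']} ident={s['ident']!r}")
        if s["end"] is None:
            notes.append(f"{s['service']} pid={pid}: no EXIT record in this excerpt")
        for rpid, r in sessions.items():
            if s["local"] is True and r["local"] is False and r["start"] <= s["start"] \
                    and (r["end"] is None or s["start"] <= r["end"]):
                notes.append(f"loopback {s['service']} pid={pid} began during remote {r['service']} pid={rpid}")
    return notes
```
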


