hi ya
> The person who defaced your web page may not have done anything more than
> that. But HOW DO YOU KNOW HE WAS THE ONLY PERSON THAT BROKE IN? What if
> beforehand someone broke in and left a back door? Or a time bomb?
true... so one should watch more carefully to check for activity???
> -----Original Message-----
> From: Joseph Spainhour [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 25, 2001 1:43 PM
> To: Jose Nazario
> Cc: Eric Robinson; [EMAIL PROTECTED]
> Subject: RE: f**k USA government f**k poizonbox
>
>
>
> I have to agree here. If the system is hacked, find out all you can
> about what they did, then reinstall. Either from scrach, or from a
> known good backup. It is the only way to be sure. Not taking these
> steps is only asking for trouble.
a simplre re-install from scratch or backup is WORTHLESS....
------------------------------------------------------------
you have to do something different to remove the exploit they
used to get into the server the first place
- usually means apply all known patches
( intelligently or blindly depending on your comfort level
( apply all patches blindly unconditionally, as you already
( did that when you installed from cdrom anyway.. gotta trust
( somebody
than wait(hours,days,weeks,months) and see if they get in again..
if they get in again... youhave to wonder if the trapdoor and backdoor
etc is in your backups tooo....and/or if your entire network is insecure
somewhere else that allows them to get in
have fun tracing/tracking/learning...
alvin
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
