* Jaime <[EMAIL PROTECTED]> [2003-06-18 00:49]:
>       The clues to a crack are evident, too.  A process "/usr/sbin/nscd"
> is running on the box according to top and ps, but the file does not
> exist.  Further more, I never told such a process to execute.  Shortly
> after a reboot, a netstat command showed a connection to 37303 on a remote
> host.  I was the only person logged in and I did not initiate that
> connection.

Sounds familiar - a friend had a Linux box cracked over the weekend...
apparently russian script kiddies using a php gallery exploit. Sorry I
don't have any more details, but I do know that in his case at least
nothing else was compromised. He found all the answers he needed on

good luck, 

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to