* Jaime <[EMAIL PROTECTED]> [2003-06-18 00:49]:
> The clues to a crack are evident, too. A process "/usr/sbin/nscd"
> is running on the box according to top and ps, but the file does not
> exist. Further more, I never told such a process to execute. Shortly
> after a reboot, a netstat command showed a connection to 37303 on a remote
> host. I was the only person logged in and I did not initiate that
Sounds familiar - a friend had a Linux box cracked over the weekend...
apparently russian script kiddies using a php gallery exploit. Sorry I
don't have any more details, but I do know that in his case at least
nothing else was compromised. He found all the answers he needed on
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"